You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2009/09/17 20:48:15 UTC

[Bug 6206] spamd: Insecure Dependency in setuid mkdir

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6206

Warren Togami <wt...@redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|spamd: setuid mkdir         |spamd: Insecure Dependency
                   |Insecure Dependency         |in setuid mkdir

--- Comment #1 from Warren Togami <wt...@redhat.com> 2009-09-17 11:48:14 PDT ---
FAILS perl-5.8.8-27.el5   spamassassin-3.3.0-alpha2
WORKS perl-5.8.8-27.el5   spamassassin-3.2.5

RHEL-5 fails with 3.3.0-alpha2 but not 3.2.5.

FAILS perl-5.10.0-73.fc11 spamassassin-3.3.0-alpha2
FAILS perl-5.10.0-73.fc11 spamassassin-3.2.5

Fedora 11 fails with both 3.2.5 and 3.3.0-alpha2, however the 3.2.5 failure is
a different issue.

spamd[7639]: config: using "/home/fedora/wtogami/.spamassassin" for user state
dir
spamd[7639]: config: mkdir /home/fedora/wtogami/.spamassassin failed: mkdir
/home/fedora/wtogami/.spamassassin: Permission denied at
/usr/lib/perl5/vendor_perl/5.10.0/Mail/SpamAssassin.pm line 1577
spamd[7639]: config: Permission denied

So it does seem that something regressed in 3.3.0-alpha2 since 3.2.5.

-- 
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.