You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Nick Urbanik <ni...@nicku.org> on 2005/08/15 03:29:32 UTC

spamd[9706]: security: cannot untaint path: "/_"

Dear Folks,

Spamassassin is telling me things like this in the logs:

Aug 15 11:04:36 nicku spamd[9702]: security: cannot untaint path: "/_"
Aug 15 11:04:36 nicku spamd[9702]: razor2 check skipped: No such file or directory Insecure dependency in mkdir while running setuid at /usr/lib/perl5/vendor_perl/5.8.6/Razor2/Client/Config.pm line 265, <GEN4845> line 96.
Aug 15 11:04:36 nicku spamd[9702]: security: cannot untaint path: "/_"
Aug 15 11:04:36 nicku spamd[9702]: security: cannot untaint path: "/_"
Aug 15 11:04:36 nicku dccproc[22573]: continue not asking DCC 6 seconds after failure
Aug 15 11:04:38 nicku spamd[9702]: clean message (0.0/5.0) for nicku:1000 in 2.7 seconds, 4026 bytes.
Aug 15 11:04:38 nicku spamd[9702]: result: .  0 -  scantime=2.7,size=4026,mid=<00...@zando.ro>,autolearn=ham
Aug 15 11:04:38 nicku postfix/local[22568]: C2F2C246FE3: to=<ni...@nicku.org>, relay=local, delay=3, status=sent (delivered to command: /usr/bin/procmail)
Aug 15 11:04:38 nicku postfix/qmgr[22497]: C2F2C246FE3: removed

SETUP:

$ spamd --version
SpamAssassin Server version 3.0.4
  running on Perl 5.8.6
  with SSL support (IO::Socket::SSL 0.97)
$ rpm -q spamassassin
spamassassin-3.0.4-1_26.rhfc4.at
$ rpm -q amavisd-new
amavisd-new-2.3.1-1.1.fc3.rf
$ rpm -q clamav
clamav-0.86.2-13.rhfc4.at
$ rpm -q fedora-release
fedora-release-4-2_3.rhfc4.at
$ uname -r
2.6.12-1.1398_FC4smp
$ arch
i686
$ rpm -q mailman
mailman-2.1.5-35.fc4
$ rpm -q postfix
postfix-2.2.2-2
$ rpm -q procmail
procmail-3.22-16
$ grep procmail /etc/postfix/main.cf
#mailbox_command = /some/where/procmail
#mailbox_command = /some/where/procmail -a "$EXTENSION"
mailbox_command = /usr/bin/procmail

EXCERPT from ~nicku/.procmail.rc:
:0fw: spamassassin.lock
* < 256000
| /usr/bin/spamc

:0:
* ^X-Spam-Status: Yes
probably-spam

$ cat /etc/procmailrc
INCLUDERC=/home/nicku/.procmailrc

QUESTIONS:

Where is this path "/_" coming from?

Any suggestions relating to this setup or possible sources of the problem?
-- 
Nick Urbanik   RHCE       http://nicku.org          nicku(at)nicku.org
Proud ex-member of Dept. of Information & Communications Technology in
Hong Kong IVE (Tsing Yi), Home of Visual Paradigm: Jolt Productivity
Award winner, programmed by ICT's own graduates!
GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24    ID: BB9D2C24

Re: spamd[9706]: security: cannot untaint path: "/_"

Posted by jdow <jd...@earthlink.net>.

Blast away. Paul Howarth posted this gem to take care of the dependancy
issue and allow Evolution to update properly.

I had to install quite a few dependancies to get it working. And you
probably want to review the contents of /etc/mail/spamassassin/local.cf.
That will need fixing, I am sure.

{^_^}

Re: spamd[9706]: security: cannot untaint path: "/_"

Posted by Nick Urbanik <ni...@nicku.org>.

On Sun, Aug 14, 2005 at 07:34:19PM -0700, jdow wrote:
> Close to what I am running. I gave up on FC4's SpamAssassin. (It needs
> some serious help.) I nuked it. I installed SpamAssassin via CPAN. That
> works - one I installed all the things FC4 was missing and used a good
> configuration rather than FC4's. Save the /etc/rc.d/init.d/spamassassin
> file, though. It's useful.
> {^_^}

Well, that didn't solve it, though I didn't blast away the entire
package, as I don't want to mess up the dependencies for yum update.

Thank you for the suggestion.
-- 
Nick Urbanik   RHCE       http://nicku.org          nicku(at)nicku.org
Proud ex-member of Dept. of Information & Communications Technology in
Hong Kong IVE (Tsing Yi), Home of Visual Paradigm: Jolt Productivity
Award winner, programmed by ICT's own graduates!
GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24    ID: BB9D2C24

Re: spamd[9706]: security: cannot untaint path: "/_"

Posted by jdow <jd...@earthlink.net>.

Close to what I am running. I gave up on FC4's SpamAssassin. (It needs
some serious help.) I nuked it. I installed SpamAssassin via CPAN. That
works - one I installed all the things FC4 was missing and used a good
configuration rather than FC4's. Save the /etc/rc.d/init.d/spamassassin
file, though. It's useful.
{^_^}

Re: spamd[9706]: security: cannot untaint path: "/_"

Posted by Nick Urbanik <ni...@nicku.org>.

Hello,

On Sun, Aug 14, 2005 at 09:23:42PM -0700, Loren Wilton wrote:
> > Where is this path "/_" coming from?
> 
> My guess is that you have a broken line in local.cf or the like.  I would
> look for directory or path specifications for Razor and see if you maybe
> ended up with a line-wrapped line someplace.

Thank you.  not found in local.cf, but  I will carefully search the
other configuration files.  Thank you for your thoughtful help.
-- 
Nick Urbanik   RHCE       http://nicku.org          nicku(at)nicku.org
Proud ex-member of Dept. of Information & Communications Technology in
Hong Kong IVE (Tsing Yi), Home of Visual Paradigm: Jolt Productivity
Award winner, programmed by ICT's own graduates!
GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24    ID: BB9D2C24

Re: spamd[9706]: security: cannot untaint path: "/_"

Posted by Loren Wilton <lw...@earthlink.net>.

> Where is this path "/_" coming from?

My guess is that you have a broken line in local.cf or the like.  I would
look for directory or path specifications for Razor and see if you maybe
ended up with a line-wrapped line someplace.

        Loren