Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2010/02/19 15:53:12 UTC

[Bug 6341] New: make test failure for taint on config_tree_recurse

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6341

           Summary: make test failure for taint on config_tree_recurse
           Product: Spamassassin
           Version: 3.3.0
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Regression Tests
        AssignedTo: dev@spamassassin.apache.org
        ReportedBy: kmcgrail@pccc.com


NOTE: this might be related to config_tree_recurse bug 6019

t/config_tree_recurse.............Insecure dependency in unlink while running
with -T switch at /usr/lib/perl5/5.6.1/File/Path.pm line 233.
t/config_tree_recurse.............dubious
        Test returned status 17 (wstat 4352, 0x1100) 

perl is older 5.6.1, obviously.  

File::Path was upgraded to latest 2.0.8.  I stumbled on this while testing the
SVN trunk and spamd errors on multiple systems.  I'm opening a ticket primarily
because it might be a larger issue.

-- 
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

[Bug 6341] make test failure for taint on config_tree_recurse

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6341

--- Comment #3 from Mark Martinec <Ma...@ijs.si> 2010-03-02 16:48:34 UTC ---
> However, perl is *not* using it before the default one.
> 'locate Path.pm' shows:
> /usr/lib/perl5/5.6.1/File/Path.pm
> /usr/lib/perl5/site_perl/5.6.1/Foomatic/GrovePath.pm
> /usr/lib/perl5/site_perl/5.6.1/File/Path.pm
> /usr/lib/perl5/vendor_perl/5.6.1/XML/Grove/Path.pm
> /usr/src/File-Path-2.08/Path.pm
> /usr/src/File-Path-2.08/blib/lib/File/Path.pm

Seems to be vendor specific. Under FreeBSD the File::Path as
installed from ports does get used, overriding the core module.


[Bug 6341] make test failure for taint on config_tree_recurse

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6341

--- Comment #4 from Kevin A. McGrail <km...@pccc.com> 2010-03-02 17:01:29 UTC ---
I've never had this issue before either and thought it would use the site_perl
first as well.  Didn't even think to check it.

Comparing more recent installs, I did an upgrade and it worked as expected.

@INC didn't lend any useful information but agreed that it's specific to Perl
or the installation / vendor packaging / etc.

  @INC:
    /usr/local/lib/perl5/5.8.8/i686-linux
    /usr/local/lib/perl5/5.8.8
    /usr/local/lib/perl5/site_perl/5.8.8/i686-linux
    /usr/local/lib/perl5/site_perl/5.8.8
    /usr/local/lib/perl5/site_perl/5.8.0/i686-linux
    /usr/local/lib/perl5/site_perl/5.8.0
    /usr/local/lib/perl5/site_perl


  @INC:
    /usr/lib/perl5/5.6.1/i386-linux
    /usr/lib/perl5/5.6.1
    /usr/lib/perl5/site_perl/5.6.1/i386-linux
    /usr/lib/perl5/site_perl/5.6.1
    /usr/lib/perl5/site_perl/5.6.0
    /usr/lib/perl5/site_perl
    /usr/lib/perl5/vendor_perl/5.6.1/i386-linux
    /usr/lib/perl5/vendor_perl/5.6.1
    /usr/lib/perl5/vendor_perl


[Bug 6341] make test failure for taint on config_tree_recurse

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6341

--- Comment #1 from Mark Martinec <Ma...@ijs.si> 2010-03-02 16:09:46 UTC ---
(In reply to comment #0)
> NOTE: this might be related to config_tree_recurse bug 6019
> 
> t/config_tree_recurse.............Insecure dependency in unlink while running
> with -T switch at /usr/lib/perl5/5.6.1/File/Path.pm line 233.
> t/config_tree_recurse.............dubious
>         Test returned status 17 (wstat 4352, 0x1100) 
> 
> perl is older 5.6.1, obviously.  
> 
> File::Path was upgraded to latest 2.0.8.  I stumbled on this while testing the
> SVN trunk and spamd errors on multiple systems.  I'm opening a ticket primarily
> because it might be a larger issue.

That was fixed in later versions of File::Path, the 2.0.8 does not seem
to be recent enough. Not sure which one brought the untainting fix,
it is certainly present in later versions. Try:
  $ perl -le 'use File::Path; print File::Path->VERSION'
mine reports 2.08 .


[Bug 6341] make test failure for taint on config_tree_recurse

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6341

Mark Martinec <Ma...@ijs.si> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|Undefined                   |3.3.1


[Bug 6341] make test failure for taint on config_tree_recurse

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6341

Kevin A. McGrail <km...@pccc.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |kmcgrail@pccc.com
         Resolution|                            |INVALID

--- Comment #2 from Kevin A. McGrail <km...@pccc.com> 2010-03-02 16:35:06 UTC ---
Good call. OK, I triple checked and I had personally installed File::Path
v2.08.

However, perl is *not* using it before the default one.

'locate Path.pm' shows:

/usr/lib/perl5/5.6.1/File/Path.pm
/usr/lib/perl5/site_perl/5.6.1/Foomatic/GrovePath.pm
/usr/lib/perl5/site_perl/5.6.1/File/Path.pm
/usr/lib/perl5/vendor_perl/5.6.1/XML/Grove/Path.pm
/usr/src/File-Path-2.08/Path.pm
/usr/src/File-Path-2.08/blib/lib/File/Path.pm

I ran: 

mv /usr/lib/perl5/5.6.1/File/Path.pm  /usr/lib/perl5/5.6.1/File/Path.pm.old

perl -le 'use File::Path; print File::Path->VERSION' now shows 2.0.8

This resolved the make test issue.

So this is a Perl issue and not an SA issue and I'm marking this Resolved
Invalid.

Anyone else having the issue can rename the Path.pm stock from perl after
installing 2.0.8 to resolve the issue.

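
The check behind comments #2 and #4, as an added example that is not part of the original thread: a Perl script that walks @INC in search order, lists every copy of a module with the version declared in each file, and confirms which copy perl actually loads. The helper names (file_version, copies_on_inc) and the $VERSION line heuristic are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not from the thread: show which copy of a module wins on @INC.
use strict;
use warnings;
use File::Spec;

my $module = shift(@ARGV) || 'File::Path';     # default: the module in this bug
$module =~ /\A\w+(?:::\w+)*\z/ or die "not a module name: $module\n";
(my $rel = "$module.pm") =~ s{::}{/}g;         # File::Path -> File/Path.pm

# Heuristic (assumption): take the version from the first line that assigns
# a literal to $VERSION, without loading the file.
sub file_version {
    my ($path) = @_;
    open(my $fh, '<', $path) or return 'unreadable';
    while (my $line = <$fh>) {
        next unless $line =~ /\$(?:\w+::)*VERSION\b[^=]*=/;
        return $1 if $line =~ /=\s*['"]?v?([\d._]+)/;
    }
    return 'unknown';
}

# Walk @INC in search order; the first directory holding the file is used.
sub copies_on_inc {
    my @found;
    for my $dir (@INC) {
        next if ref $dir;                      # skip code-reference hooks
        my $path = File::Spec->catfile($dir, $rel);
        push @found, [$path, file_version($path)] if -f $path;
    }
    return @found;
}

my @copies = copies_on_inc();
die "$module not found on \@INC\n" unless @copies;
for my $i (0 .. $#copies) {
    my ($path, $version) = @{ $copies[$i] };
    printf "%-8s %-10s %s\n", ($i ? 'shadowed' : 'first'), $version, $path;
}

# Cross-check against what perl really loads under the current @INC.
require $rel;
my $loaded = $module->VERSION;
print "loaded:  $INC{$rel} (version ", (defined $loaded ? $loaded : 'none'), ")\n";
```

Run it with the same perl binary the test suite uses, since @INC is compiled into each interpreter and differs between installations.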