Re: sa-filter & symlinks (was: svn commit: r153131 - in spamassassin/trunk: Makefile.PL build/do)

[Justin Mason <jm...@jmason.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Malte S. Stretz writes:
> On Thursday 10 February 2005 23:12 CET Justin Mason wrote:
> > Also it doesn't fix the problem we're having -- taint issues from having
> > one script exec another.
> 
> And why don't we just untaint the stuff like we do everything else??  Or 
> just search the binary in the PATH ourselves (*cough* FindBin *cough*) as 
> we'll probably have to call $^X anyway to make it work on Windows.
> 
> I'd like to see the reporting stuff go into its own app sa-report in which 
> case we'd need a more complicated fork in the spamassassin script anyway.

that's entirely true.

- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFCDHCbMJF5cimLx9ARAorPAJ97t0e+xNdRF4UPIWVwGqGyAh6lXACgn4KA
GEZUcEVEhneNRnrGPQTAGTo=
=Q1/H
-----END PGP SIGNATURE-----