Date: Thu, 25 Sep 2003 14:35:31 +0100 (BST)
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: leeym@FreeBSD.org
Subject: ports/57210: mail/razor-agents -- Latest version of SpamAssassin tickles taint mode bug
Message-ID: <200309251335.h8PDZVuo006736@happy-idiot-talk.infracaninophile.co.uk>
Resent-Message-ID: <200309251340.h8PDeK65003224@freefall.freebsd.org>
>Number: 57210
>Category: ports
>Synopsis: mail/razor-agents -- Latest version of SpamAssassin tickles taint mode bug
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Sep 25 06:40:20 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Matthew Seaman
>Release: FreeBSD 4.9-PRERELEASE i386
>Organization: Infracaninophile
>Environment:
System: FreeBSD happy-idiot-talk.infracaninophile.co.uk 4.9-PRERELEASE FreeBSD 4.9-PRERELEASE #31: Thu Sep 25 11:19:11 BST 2003 root@happy-idiot-talk.infracaninophile.co.uk:/usr/obj/usr/src/sys/HAPPY-IDIOT-TALK i386
>Description:
The recent update of the mail/p5-Mail-SpamAssassin port resulted in numerous log file entries like the following:

Sep 25 14:18:44 happy-idiot-talk spamd[6385]: razor2 check skipped: Insecure dependency in connect while running setuid at /usr/local/lib/perl5/5.8.0/mach/IO/Socket.pm line 114, <GEN78> line 64.

This appears to be the same as bug #2439 in the SpamAssassin bugzilla:

http://bugzilla.spamassassin.org/show_bug.cgi?id=2439

Their analysis is that the latest SpamAssassin is exposing some unsafe taint-mode behaviour in the Razor2 code:

http://article.gmane.org/gmane.mail.spam.spamassassin.general/29666

>How-To-Repeat:
Run SpamAssassin spamd/spamc programs with the Razor checks enabled.
>Fix:
The patches given in the gmane.org article are effective at curing the problem. I applied them directly to the installed Razor2 perl code, so paths aren't correct for putting the below directly into ports.

--- razor.patch begins here --- --- Client/Config.pm~ 2002-11-25 19:13:59.000000000 +0100 +++ Client/Config.pm 2002-11-11 19:29:17.000000000 +0100 
@@ -373,6 +373,7 @@ next unless /=/; my ($attribute, $value) = split /\=/, $_, 2; $attribute =~ s/^\s+//; $attribute =~ s/\s+$//; + $value = $1 if $value =~ /^(.*)$/; # untaint! $conf->{$attribute} = $self->parse_value($value); } $total++; --- Client/Core.pm~ 2002-11-25 19:07:38.000000000 +0100 +++ Client/Core.pm 2002-11-25 18:55:35.000000000 +0100 @@ -216,8 +216,10 @@ foreach $rr ($query->answer) { my $pushed = 0; if ($rr->type eq "A") { - push @list, $rr->address; - $pushed = 1; + if ($rr->address =~ m/^(\d+\.\d+\.\d+\.\d+)$/) { + push @list, $1; + $pushed = 1; + } } elsif ($rr->type eq "CNAME") { if ($rr->cname eq 'list.terminator') { pop @list if $pushed; --- razor.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
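Review bot: In the Client/Config.pm hunk, the added line `$value = $1 if $value =~ /^(.*)$/; # untaint!` clears the taint flag without validating anything: `(.*)` accepts every character except a newline, so each value read from the config file is marked trusted before it reaches parse_value. Suggest matching against a pattern that admits only what a config value is allowed to contain, or untainting just the attributes that later reach connect. The no-match case also needs handling, since a value with an embedded newline fails the match and silently stays tainted.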
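Review bot: In the Client/Core.pm hunk, the check `m/^(\d+\.\d+\.\d+\.\d+)$/` on `$rr->address` is looser than an IPv4 address: `\d+` puts no bound on octet length or value, so a string such as 999.999.999.999 passes and is pushed onto @list untainted. Suggest `\d{1,3}` per octet plus a 0-255 range check on each. An A record that fails the match is now dropped silently; an else branch that logs the rejected record would make a resolver problem visible instead of just shortening @list.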