ports/57210: mail/razor-agents -- Latest version of SpamAssassin tickles taint mode bug
Matthew Seaman
m.seaman at infracaninophile.co.uk
Thu Sep 25 13:40:42 UTC 2003
>Number: 57210
>Category: ports
>Synopsis: mail/razor-agents -- Latest version of SpamAssassin tickles taint mode bug
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Sep 25 06:40:20 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Matthew Seaman
>Release: FreeBSD 4.9-PRERELEASE i386
>Organization:
Infracaninophile
>Environment:
System: FreeBSD happy-idiot-talk.infracaninophile.co.uk 4.9-PRERELEASE FreeBSD 4.9-PRERELEASE #31: Thu Sep 25 11:19:11 BST 2003 root at happy-idiot-talk.infracaninophile.co.uk:/usr/obj/usr/src/sys/HAPPY-IDIOT-TALK i386
>Description:
The recent update of the mail/p5-Mail-SpamAssassin port resulted in numerous
log file entries like the following:
Sep 25 14:18:44 happy-idiot-talk spamd[6385]: razor2 check skipped: Insecure dependency in connect while running setuid at /usr/local/lib/perl5/5.8.0/mach/IO/Socket.pm line 114, <GEN78> line 64.
This appears to be the same as bug #2439 in the SpamAssassin bugzilla:
http://bugzilla.spamassassin.org/show_bug.cgi?id=2439
Their analysis is that the latest SpamAssassin is exposing some unsafe
taint-mode behaviour in the Razor2 code:
http://article.gmane.org/gmane.mail.spam.spamassassin.general/29666
>How-To-Repeat:
Run SpamAssassin spamd/spamc programs with the Razor checks enabled.
>Fix:
The patches given in the gmane.org article are effective at curing the
problem. I applied them directly to the installed Razor2 perl code,
so paths aren't correct for putting the below directly into ports.
--- razor.patch begins here ---
--- Client/Config.pm~ 2002-11-25 19:13:59.000000000 +0100
+++ Client/Config.pm 2002-11-11 19:29:17.000000000 +0100
@@ -373,6 +373,7 @@
next unless /=/;
my ($attribute, $value) = split /\=/, $_, 2;
$attribute =~ s/^\s+//; $attribute =~ s/\s+$//;
+ $value = $1 if $value =~ /^(.*)$/; # untaint!
$conf->{$attribute} = $self->parse_value($value);
}
$total++;
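Review bot: the added line `$value = $1 if $value =~ /^(.*)$/; # untaint!` clears the taint flag without validating anything, because `(.*)` accepts every value that has no embedded newline. Untainting is meant to be the point where the data is checked, so either restrict the capture to the characters a config value may legitimately contain, or extend the comment to state why the contents of the config file are trusted. Note also that a value which does contain an embedded newline fails the match and is handed to `parse_value` still tainted, and that a trailing newline is silently dropped by the `$` anchor.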
--- Client/Core.pm~ 2002-11-25 19:07:38.000000000 +0100
+++ Client/Core.pm 2002-11-25 18:55:35.000000000 +0100
@@ -216,8 +216,10 @@
foreach $rr ($query->answer) {
my $pushed = 0;
if ($rr->type eq "A") {
- push @list, $rr->address;
- $pushed = 1;
+ if ($rr->address =~ m/^(\d+\.\d+\.\d+\.\d+)$/) {
+ push @list, $1;
+ $pushed = 1;
+ }
} elsif ($rr->type eq "CNAME") {
if ($rr->cname eq 'list.terminator') {
pop @list if $pushed;
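Review bot: the new pattern `m/^(\d+\.\d+\.\d+\.\d+)$/` on `$rr->address` checks only the shape of a dotted quad, so octets above 255 or of any length still match and are pushed untainted. Bounding each octet (for example `\d{1,3}` plus a range check) and anchoring with `\z` instead of `$` would make the untaint an actual validation. An A record that fails the match is now skipped silently with `$pushed` left at 0; an else branch that logs the rejected record would make a dropped server address visible when debugging.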
--- razor.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: