On Sat, Feb 06, 2010 at 09:17:10AM +1300, Francois Marier wrote:
> It appears that FuzzyOcr no longer runs on my sid box. I get a lot of these
> in my logs:
>
> spamd[23016]: FuzzyOcr: Error running preprocessor(ppmtopgm): /usr/bin/ppmtopgm
> spamd[23016]: FuzzyOcr: Return code: 2048, Error: save_execute: Insecure dependency in exec while running setuid at /usr/share/perl5/FuzzyOcr/Misc.pm line 188.
>
> spamd[23016]: FuzzyOcr: Unable to read output from "/tmp/.spamassassin23016gw80E3tmp/scanset.tesseract.out.txt" for scanset tesseract
> spamd[23016]: FuzzyOcr: Errors in Scanset "tesseract"
> spamd[23016]: FuzzyOcr: Return code: 2048, Error: save_execute: Insecure dependency in exec while running setuid at /usr/share/perl5/FuzzyOcr/Misc.pm line 188.

The programs that have errors are most probably the ones you defined with a focr_bin_helper line in the config file, right?

> Could it be that FuzzyOcr doesn't work with Perl 5.10?

No, the current version of SpamAssassin uses Perl's taint mode to mark config data as possibly dangerous. The FuzzyOcr config file is read with the SpamAssassin parser. This causes the names of the helper programs you defined to be considered as tainted data. And when running in taint mode, Perl will not execute external programs when it derives the name from a tainted variable.

I hacked around this by explicitly untainting the data from focr_bin_helper and focr_bin_<progname> config entries by using the included patch. At the moment this is sufficient to have FuzzyOcr running without errors on my system, but I might have missed some corner cases. The included patch should probably also be reviewed for security implications.

Arjan

--- Config.pm.ORIG 2010-02-18 12:58:40.000000000 +0100 +++ Config.pm 2010-02-18 14:44:02.000000000 +0100 @@ -577,7 +577,7 @@ sub parse_config { return 1; } elsif ($opts->{key} eq 'focr_bin_helper') { my @cmd; $conf = $opts->{conf}; - my $val = $opts->{value}; $val =~ s/[\s]*//g; + my $val = Mail::SpamAssassin::Util::untaint_var($opts->{value}); $val =~ s/[\s]*//g; debuglog("focr_bin_helper: '$val'"); foreach my $bin (split(',',$val)) { unless (grep {m/$bin/} @bin_utils) { @@ -618,6 +618,7 @@ sub finish_parsing_end { delete $conf->{$b}; } if (defined $conf->{$b}) { + $conf->{$b} = Mail::SpamAssassin::Util::untaint_var($conf->{$b}); debuglog("Using $a => $conf->{$b}"); } else { foreach my $p (@paths) {
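
Review bot: In the parse_config hunk (@@ -577,7 +577,7 @@), the new untaint_var($opts->{value}) call clears taint on the whole focr_bin_helper string with no validation visible in the hunk, so the taint check stops protecting anything derived from it. Suggest untainting through an anchored capture that only accepts the characters a comma-separated list of helper names needs, and rejecting the config line otherwise. While here, the context line "unless (grep {m/$bin/} @bin_utils)" interpolates each configured name into a regex unescaped; an exact comparison (eq) or \Q$bin\E would avoid pattern metacharacters in the config value changing the match.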
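
Review bot: In the finish_parsing_end hunk (@@ -618,6 +618,7 @@), "$conf->{$b} = Mail::SpamAssassin::Util::untaint_var($conf->{$b});" untaints the configured binary path unconditionally, and per the message above this is the value later used as the program name to execute. Suggest validating before untainting: accept only an absolute path made of a conservative character set via an anchored regex capture, confirm it is an executable regular file, and log and skip the entry when the check fails instead of passing the value on. A short comment stating why the untaint is considered safe would also help the security review the author asks for.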
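
The taint behaviour described in the message above, and a validating alternative to blanket untainting, as an added Perl example (not part of the original message and not FuzzyOcr or SpamAssassin code). untaint_helper_path is a hypothetical helper, the input strings are constructed, and /bin/sh is assumed to exist; run it with perl -T.

```perl
# Added example, not FuzzyOcr or SpamAssassin code. Run as: perl -T example.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "run with: perl -T $0\n" unless ${^TAINT};

# Taint mode also refuses to exec with an untrusted environment.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Hypothetical helper: return an untainted copy of $path only if it is an
# absolute path built from a conservative character set, has no ".."
# component, and names an executable regular file. Returns undef otherwise.
sub untaint_helper_path {
    my ($path) = @_;
    return unless defined $path
        && $path =~ m{\A(/(?:[A-Za-z0-9_.+-]+/)*[A-Za-z0-9_.+-]+)\z};
    my $clean = $1;    # a regex capture is how Perl lets code untaint data
    return if $clean =~ m{(?:\A|/)\.\.(?:/|\z)};
    return unless -f $clean && -x _;
    return $clean;
}

# Constructed inputs standing in for focr_bin_* values. Appending a
# zero-length tainted string marks each one tainted, as config data would be.
my $taint   = substr("$0$^X", 0, 0);
my @samples = map { $_ . $taint }
    '/bin/sh', '/bin/sh;id', '/usr/../bin/sh', 'sh', '/nonexistent/ppmtopgm';

for my $in (@samples) {
    my $ok = untaint_helper_path($in);
    printf "%-24s tainted=%d -> %s\n", $in, tainted($in) ? 1 : 0,
        defined $ok ? 'accepted' : 'rejected';
}

# Perl refuses the tainted program name, then runs the validated copy.
my $raw = $samples[0];
eval { system($raw, '-c', 'exit 0'); 1 } or print "tainted exec: $@";
my $bin = untaint_helper_path($raw) or die "no usable /bin/sh on this host\n";
system($bin, '-c', 'exit 0') == 0 and print "validated exec: ok\n";
```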