http://bugzilla.spamassassin.org/show_bug.cgi?id=3937





------- Additional Comments From [EMAIL PROTECTED]  2004-10-29 15:14 -------
In Unix the spamassassin file can be installed as a perl source file with
#!/usr/bin/perl -T -w as the first line. Windows command processor doesn't use 
that.

The Windows install uses p2bat which sticks some lines of batch file commands to
the head of the file that invokes perl on the file, and names that 
spamassassin.bat.

The perl command line installed by p2bat does not enable taint mode. So
SpamAssassin on Windows does not run in taint mode.

Taint mode under Windows is tricky because it checks that no directory in PATH
is world writeable, but it is not likely that anyone running under Windows has
their directories protected like that. It is theoretically possible to have
strict access controls using NTFS, but it is not in FAT and it is rare for
somebody to configure their system to use NTFS and have secure compartmentalized
access to directories.

At least this explains how it is that people are not able to run DCC and so on
from SpamAssassin under Windows. Perhaps dealing with this will lead to someone
putting in the effort to investigate that and get them working.

The most standard way I've found for people running perl under Windows to deal
with this is to set $ENV{'PATH'} explicitly. But it does require recognizing
that Windows does not provide a secure multiuser environment, and so some taint
checks just have to be bypassed when running under it. A tricky thing would be
to figure out what to set PATH to. That might have to be a configuration option,
specifying the correct minimal PATH to use when running SpamAssassin under 
Windows.
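
The approach described in the comment above, setting $ENV{'PATH'} explicitly from a configured minimal value, sketched in Perl as an added example (not code from SpamAssassin or from the commenter). The `$configured_path` setting and the `minimal_path` and `try_run` helpers are hypothetical names, and the directories are constructed sample values.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use File::Spec;

# Hypothetical configuration option: the minimal PATH that helper programs
# should be run with. The directories are constructed sample values.
my $configured_path = $^O eq 'MSWin32'
    ? 'C:\\Windows\\System32;C:\\Perl\\bin'
    : '/usr/bin:/bin';

# Build an untainted PATH from the configured string. Entries that are not
# absolute, do not exist, or contain unexpected characters are dropped.
sub minimal_path {
    my ($raw) = @_;
    my $sep = $^O eq 'MSWin32' ? ';' : ':';
    my @clean;
    for my $dir (split /\Q$sep\E/, $raw) {
        next unless File::Spec->file_name_is_absolute($dir);
        next unless -d $dir;
        # A regex capture is how Perl untaints a value under -T.
        my ($ok) = $dir =~ m{^([\w\s:\\/.()-]+)$} or next;
        push @clean, $ok;
    }
    return join $sep, @clean;
}

# Try to run an external command and report whether taint mode allowed it.
sub try_run {
    my $out = eval { `hostname` };
    (my $err = $@) =~ s/\s+\z//;
    return $err ? "refused: $err" : 'ran';
}

# With the PATH inherited from the environment, taint mode refuses to
# start an external program.
print 'inherited PATH: ', try_run(), "\n";

# Replace PATH with the configured minimal value and drop the other
# environment variables that perlsec recommends clearing.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
$ENV{PATH} = minimal_path($configured_path);
print 'minimal PATH:   ', try_run(), "\n";
```

Run it with `perl -T` on the command line so that taint mode is active regardless of how the script is launched.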


