Hello, What's the point of of change 5027 [1] to spamd.raw? Consists of:
my ($uid,$gid) = (getpwnam('nobody'))[2,3];
+ $uid =~ /^(\d+)$/ and $uid = $1; # de-taint
+ $gid =~ /^(\d+)$/ and $gid = $1; # de-taint
...in multiple places. getpwnam output is not tainted.
I suggest backing it out. "$foo =~ /(.*)/ && $foo = $1" wherever
possible is not the proper use of -T (as proven by bug 4926).
The change is described as "couple of minor tweaks to Net::DNS use2";
I guess it's a mistake.
[1]
http://svn.apache.org/viewvc/spamassassin/trunk/spamd/spamd.raw?r1=5016&r2=5027
--
Radosław Zieliński <[EMAIL PROTECTED]>
pgpCmtdk1ENhK.pgp
Description: PGP signature
