http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5282
------- Additional Comments From [EMAIL PROTECTED] 2007-01-08 03:48 ------- 'So I think I understand why SpamAssassin runs in taint mode: you wouldn't want joe random user to include new code in their PERL5PATH, then trick spamassassin or spamd into running that code under whatever user the administrator has configured it.' Actually, taint mode is used for a better reason ;) Since it tracks data sources, it ensures that we always treat data taken from the (possibly spam/malware) mail as "tainted" and unsafe, even hundreds of lines of code away from where it was first read from the network. It's pretty handy for that reason -- it greatly reduces the risk of remotely-exploitable flaws. To be honest, this PERL5LIB issue is new to us, too -- we hadn't realised that taint mode breaks that. (it makes sense for most taint users, but not us, unfortunately.) 'At the same time I think that what I'm requesting is not inappropriate. There *are* necessarily unconventional configurations, and the administrator of the system ought to be able to use PERL5LIB or a similar mechanism. What about allowing a PERLLIB-like specification inside init.pre? That file ought to be only accessible to administrators, and it would allow them to include the appropriate directories without opening the door to abuse by their users.' Actually, there's an easy fix -- simply run perl Makefile.PL PERL_TAINT=no instead of perl Makefile.PL that turns off use of taint mode. Taint mode is just a "bonus" security feature; without it, you've still got plenty of security anyway... ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
