reopen 496362
thanks
DBTS Done as the mass-opening of symlink attack in /tmp was wrong in this case.
Why wrong?
{
my $ent = shift;
if ($ent-head-mime_type eq 'message/rfc822') {
if ($DEBUG) {
unlink /tmp/spam.log.$$ if -e /tmp/spam.log.$$;
open(OUT, |$SA_LEARN -D --$spamham --single /tmp/spam.log.$$
21) or die Cannot pipe $SA_LEARN: $!;
} else {
open(OUT, |$SA_LEARN --$spamham --single) or die Cannot pipe
$SA_LEARN: $!;
}
$ent-bodyhandle-print(\*OUT);
--
die $sender, I don't recognize your domain ($domain)!;
}
if ($DEBUG) {
MIME::Tools-debugging(1);
open(STDERR, /tmp/spam_err.log);
}
my $parser = new MIME::Parser;
$parser-extract_nested_messages(0);
$parser-output_under($UNPACK_DIR);
unlink tempfile before using is not guarantee form attack.
re-read bugreport, please:
DBTS Even if you make rm(dir) for files/directories, then your system is
DBTS not protected. Attacker can permanently create symlinks.
attacker can write script as:
#!perl
$file_for_attack='/path/to/file';
while(1)
{
exit unless fork;
symlink $file_for_attack, /tmp/spam.log.$_ for ($$ .. $$+1);
}
--
. ''`. Dmitry E. Oboukhov
: :’ : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
`- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537
signature.asc
Description: Digital signature
