Package: spamassassin
Version: 3.4.0-6
Tags: jessie
Debian version: 8.1
Kernel version: 3.16.0-4-kirkwood #1 Debian 3.16.7-ckt11-1 (2015-05-24)
armv5tel GNU/Linux
Hi,
For years, I've had my server mount /tmp and /var noexec, as a security
measure (since I met an attempt to run code uploaded in /var through an
exim security bug).
However, this causes spamassassin to fail because /var being mounted
noexec keeps it from loading this file:
/var/lib/spamassassin/compiled/5.020/3.004000/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so
The error messages are:
juil. 02 08:02:15 myserver spamd[785]: Can't load
'/var/lib/spamassassin/compiled/5.020/3.004000/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so'
for module Mail::SpamAssassin::CompiledRegexps::body_0:
/var/lib/spamassassin/compiled/5.020/3.004000/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so:
échec d'adressage (mapping) du segment de l'objet partagé: Opération non
permise at /usr/share/perl/5.20/XSLoader.pm line 68.
juil. 02 08:02:15 myserver spamd[785]: at
/var/lib/spamassassin/compiled/5.020/3.004000/Mail/SpamAssassin/CompiledRegexps/body_0.pm
line 378.
juil. 02 08:02:15 sphinx2 spamd[785]: Can't load
'/var/lib/spamassassin/compiled/5.020/3.004000/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so'
for module Mail::SpamAssassin::CompiledRegexps::body_0:
/var/lib/spamassassin/compiled/5.020/3.004000/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so:
échec d'adressage (mapping) du segment de l'objet partagé: Opération non
permise at /usr/share/perl/5.20/XSLoader.pm line 68.
juil. 02 08:02:15 myserver spamd[785]: at
/var/lib/spamassassin/compiled/5.020/3.004000/Mail/SpamAssassin/CompiledRegexps/body_0.pm
line 378.
juil. 02 08:02:15 myserver spamd[785]: BEGIN failed--compilation aborted
at
/var/lib/spamassassin/compiled/5.020/3.004000/Mail/SpamAssassin/CompiledRegexps/body_0.pm
line 379.
juil. 02 08:02:15 myserver spamd[785]: Compilation failed in require at
(eval 947) line 1.
The French above seems to be the translation for:
"failed to map segment from shared object: Permission denied"
I realize this is not really a software bug, but I consider this a
security issue nonetheless (I have to mount -o remount,exec /var to
solve the issue). Do shared objects (.so libraries) really belong in
/var? What would be a better location?
Yves.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org