https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6205
Summary: spamd Configuration Leakage
Product: Spamassassin
Version: SVN Trunk (Latest Devel Version)
Platform: Other
OS/Version: All
Status: NEW
Severity: normal
Priority: P5
Component: spamc/spamd
AssignedTo: [email protected]
ReportedBy: [email protected]
Found out the other day, that the VBounce whitelist_bounce_relays settings are
leaking between users. Tested on 3.2.
Looking at the code and related bug 6003 and bug 4179 it appears this would
still be an issue with trunk.
The recent fix for bug 6003 feels like a lot of foot-work adding each and every
user option. And is prone to break again.
Moreover, looking at that list of options being defined empty, I wonder if
there actually are more issues lurking right around the corner. E.g. ok_locales
immediately comes to mind, which should be treated just like the whitelist
stuff in the fix for bug 6003, no? It isn't, so I'd assume it is leaking, too.
:/
Justin in a list post:
"hmm. yes, I think you're right. This is a general issue with how we
store configs, but we may be able to fix it by inferring the storage
key on the Conf object from the config definition block somehow."
Foot-work or not, if this is what can be done in time for 3.3, then we just
need to carefully check and add all such instances. The above ones already
include main Conf.pm settings (ok_locales and others) and Plugin options
(VBounce).
--
Configure bugmail:
https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
