Re: Mail::SpamAssassin::Plugin::DCC error on spamd start: util: refusing to untaint suspicious path: "${exec_prefix}/lib" ?

2020-06-12 Thread Nix
On 11 Jun 2020, PGNet Dev outgrape:
> for anyone interested, it appears the config, as advised, is a bit of a mess
>
> using _explicit_ config of
>
> ./configure \
>  --with-installroot=/ \
>  --mandir=/usr/local/man \
>  --bindir=/usr/local/bin \
>  --libexecdir=/usr/local/libexec/dcc \
>  --homedir=/var/lib/dcc \

Yeah, the dcc configure script is directly substituting $libexecdir etc
into the output, which isn't going to work unless the output is a
makefile or something else that can do shell-like variable substitution.
The right fix here is to repeatedly eval the variable (in configure.ac)
and only substitute it when all the $'s have gone away. (And perhaps
threshold it so that if they don't go away configure aborts and tells
you not to use self-referential variables :) ).

This is a surprisingly common autoconf error: I must have fixed it in
dozens of packages so far (but not yet DCC).
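
The repeated-eval fix described in the message above, sketched as a standalone POSIX shell function. This is an added example, not code from the poster or from DCC's configure script; `expand_dir`, `MAX_PASSES` and the sample directory values are hypothetical.

```shell
#!/bin/sh
# Added illustration: expand_dir and MAX_PASSES are hypothetical names,
# not part of DCC, autoconf or SpamAssassin.

MAX_PASSES=10   # the "threshold": give up if '$' never goes away

# expand_dir VALUE
# Re-evaluates VALUE until it contains no '$', then prints it.
# Returns 1 if a '$' is still present after MAX_PASSES passes, which is
# what a self-referential variable produces.
# VALUE is eval'd, so it must come from the person running configure,
# never from untrusted input.
expand_dir() {
    _val=$1
    _n=0
    while :; do
        case $_val in
            *'$'*) ;;                                  # still has a reference
            *) printf '%s\n' "$_val"; return 0 ;;      # fully expanded
        esac
        if [ "$_n" -ge "$MAX_PASSES" ]; then
            printf 'expand_dir: "%s" still unexpanded after %d passes\n' \
                "$_val" "$_n" >&2
            return 1
        fi
        eval "_val=\"$_val\""                          # one expansion pass
        _n=$((_n + 1))
    done
}

# Constructed sample values, nested the way autoconf directory variables are.
prefix=/usr/local
exec_prefix='${prefix}'
libdir='${exec_prefix}/lib'
libexecdir='${exec_prefix}/libexec/dcc'

# Two passes: ${exec_prefix}/lib -> ${prefix}/lib -> /usr/local/lib
expand_dir "$libdir"
```

A value substituted without this step reaches generated files as the literal string `${exec_prefix}/lib`, the same string quoted in the "refusing to untaint suspicious path" warning.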


Re: Mail::SpamAssassin::Plugin::DCC error on spamd start: util: refusing to untaint suspicious path: "${exec_prefix}/lib" ?

2020-06-11 Thread PGNet Dev
On 6/11/20 9:19 AM, PGNet Dev wrote:
> DCC is built/installed,
> 
>   wget http://www.dcc-servers.net/dcc/source/dcc.tar.Z
>   tar zxvf dcc.tar.Z
>   cd dcc-2.3.167
>   ./configure \
>   --disable-server \
>   --disable-dccm \
>   --disable-dccifd
>   make
>   make install
> 
>   which dccproc
>   /usr/local/bin/dccproc
>   dccproc -V
>   2.3.167

for anyone interested, it appears the config, as advised, is a bit of a mess

using _explicit_ config of

 ./configure \
  --with-installroot=/ \
  --mandir=/usr/local/man \
  --bindir=/usr/local/bin \
  --libexecdir=/usr/local/libexec/dcc \
  --homedir=/var/lib/dcc \
  --with-uid=spamd \
  --disable-server \
  --disable-dccm \
  --disable-dccifd


with

local.cf
...
ifplugin Mail::SpamAssassin::Plugin::DCC
use_dcc 1
dcc_home   /var/lib/dcc
dcc_path   /usr/local/bin/dccproc
endif
...


fixes the issue.



Mail::SpamAssassin::Plugin::DCC error on spamd start: util: refusing to untaint suspicious path: "${exec_prefix}/lib" ?

2020-06-11 Thread PGNet Dev
i've built & installed a new instance of

spamd -V
SpamAssassin Server version 3.4.4
  running on Perl 5.26.1
  with SSL support (IO::Socket::SSL 2.067)
  with zlib support (Compress::Zlib 2.093)

running on linux/64.

systemctl status spamd -ln0
● spamd.service - Spamassassin daemon
   Loaded: loaded (/etc/systemd/system/spamd.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2020-06-11 08:37:30 PDT; 8min ago
 Main PID: 45508 (spamd)
    Tasks: 3
   CGroup: /system.slice/spamd.service
           ├─45508 /usr/bin/perl -w /usr/bin/spamd --ipv4-only --nouser-config --listen=/run/spamd/spamd.sock --pidfile=/run/spamd/spamd.pid --username=spamd --groupname=spamd --socketowner=spamd --socketgroup=spamd --socketmode=666 --allow-tell
           ├─45574 spamd child
           └─45575 spamd child

it's working well enough; tho, on spamd restart, I see in logs,

Jun 11 08:06:49 mx spamd[10742]: util: refusing to untaint suspicious path: "${exec_prefix}/lib"

commenting out,

v310.pre

-   loadplugin Mail::SpamAssassin::Plugin::DCC
+   loadplugin Mail::SpamAssassin::Plugin::DCC

eliminates the error.

here, per


https://cwiki.apache.org/confluence/display/SPAMASSASSIN/SingleUserUnixInstall#SingleUserUnixInstall-DCCsupport

DCC is built/installed,

wget http://www.dcc-servers.net/dcc/source/dcc.tar.Z
tar zxvf dcc.tar.Z
cd dcc-2.3.167
./configure \
--disable-server \
--disable-dccm \
--disable-dccifd
make
make install

which dccproc
/usr/local/bin/dccproc
dccproc -V
2.3.167

and, in SA local.cf,

ifplugin Mail::SpamAssassin::Plugin::DCC
  use_dcc 1
  dcc_home   /var/dcc
  dcc_path   /usr/local/bin/dccproc
endif

DCC checks appear to exec/hit on inbound SA scans ...

is that

    util: refusing to untaint suspicious path

an issue, or noise ?


Re: refusing to untaint

2014-02-27 Thread Mike Grau

> 
>> Please open a new bug.  I'll try and make it a blocker for 3.4.1 if you
>> open it ASAP.
> 
> Done. 
> 

For the list - the error appears to have been caused from an old .pre
file that was left in /etc/mail/spamassassin. Removing the .pre files
and re-installing SA eliminated the warning.

No bug. A configuration issue here.

-- Mike G.


Re: refusing to untaint

2014-02-27 Thread Mike Grau

> Please open a new bug.  I'll try and make it a blocker for 3.4.1 if you
> open it ASAP.

Done. 


Re: refusing to untaint

2014-02-26 Thread Kevin A. McGrail

On 2/26/2014 4:26 PM, Mike Grau wrote:

>> Any chance you can try the very small patch in
>> https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7015 and see if
>> it's related?
>
> Still the same error after patching:
> Feb 26 15:24:07.130 [20964] warn: util: refusing to untaint suspicious
> path: "${exec_prefix}/lib"

Please open a new bug.  I'll try and make it a blocker for 3.4.1 if you
open it ASAP.


Re: refusing to untaint

2014-02-26 Thread Mike Grau

> Any chance you can try the very small patch in
> https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7015 and see if
> it's related?

Still the same error after patching:
Feb 26 15:24:07.130 [20964] warn: util: refusing to untaint suspicious
path: "${exec_prefix}/lib"


Re: refusing to untaint

2014-02-26 Thread Kevin A. McGrail

On 2/26/2014 3:45 PM, Mike Grau wrote:

> Hello,
>
> I've installed SpamAssassin-3.4.0 on a couple of machines via the
> tarball and
>
>    perl Makefile.PL
>    make
>    make test
>    make install
>
> When I run a message through spamassassin -t it gives this warning from
> Util.pm
>
>    Feb 26 12:19:27.028 [17527] warn: util: refusing to untaint
>    suspicious path: "${exec_prefix}/lib"
>
> This is perl 5, version 18, subversion 1 (v5.18.1) built for
> x86_64-linux-thread-multi
>
> I'm guessing that the variable ${exec_prefix} should already have been
> evaluated? Can someone tell me what might be the problem?
>
> Thanks!
> -- Mike


Any chance you can try the very small patch in 
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7015 and see if 
it's related?


Regards,
KAM


refusing to untaint

2014-02-26 Thread Mike Grau
Hello,

I've installed SpamAssassin-3.4.0 on a couple of machines via the
tarball and

  perl Makefile.PL
  make
  make test
  make install

When I run a message through spamassassin -t it gives this warning from
Util.pm

  Feb 26 12:19:27.028 [17527] warn: util: refusing to untaint
  suspicious path: "${exec_prefix}/lib"

This is perl 5, version 18, subversion 1 (v5.18.1) built for
x86_64-linux-thread-multi

I'm guessing that the variable ${exec_prefix} should already have been
evaluated? Can someone tell me what might be the problem?

Thanks!
-- Mike