While perusing some of the code in SA, I noticed that you can define
custom rules with your own regexes for URI tests. At the same time, you
can put in anything you want that will compile into a conditional.
So the following should be possible:

    uri BAD_TEST s#.#system('rm -rf /root')#e;
    score BAD_TEST 5.0
    describe BAD_TEST do very bad thing

I assume something like this is really only a risk if you run spamd as
root and enable local user configuration. Is this exploit known about?
Or rather, does it even exist (I could be missing something protecting
against this)?
Thanks,
--eric
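
The following is an added example, not part of the original message and not SpamAssassin code: one way an administrator could audit user rule files for the kind of definition the post describes, a rule whose pattern is something other than a plain match regex. The function names, the rule types handled (uri, body, rawbody, full) and the sample config are assumptions made for this example.

```python
import re

# Rule types written as "<type> <NAME> <pattern>"; header rules use another
# layout and are outside this example's scope (assumption of this example).
RULE_TYPES = {"uri", "body", "rawbody", "full"}
CLOSERS = {"{": "}", "(": ")", "[": "]", "<": ">"}
CODE_CONSTRUCT = re.compile(r"\(\?\??\{")  # Perl (?{ ... }) and (??{ ... })

def check_pattern(pat):
    """Return reasons why pat is not a plain Perl match regex (empty if OK)."""
    m = re.match(r"(m|s|tr|y|qr)?([^\w\s])", pat)
    if not m or (m.group(1) is None and m.group(2) != "/"):
        return ["not a delimited match regex"]
    op, delim = m.group(1) or "m", m.group(2)
    reasons = []
    if op != "m":
        reasons.append("operator '%s' is not a plain match" % op)
    end = pat.rfind(CLOSERS.get(delim, delim))
    if end <= m.end() - 1:          # no closing delimiter after the opener
        reasons.append("unterminated pattern")
    else:
        flags = re.match(r"\w*", pat[end + 1:]).group(0)
        if "e" in flags:
            reasons.append("/e modifier evaluates the replacement as code")
    if CODE_CONSTRUCT.search(pat):
        reasons.append("embedded code construct in regex")
    return reasons

def audit(config_text):
    """Return (line_number, rule_name, reasons) for every suspicious rule."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        parts = line.strip().split(None, 2)   # type, name, rest of line
        if len(parts) == 3 and parts[0] in RULE_TYPES:
            reasons = check_pattern(parts[2])
            if reasons:
                findings.append((lineno, parts[1], reasons))
    return findings

# Constructed sample: the rule from the post plus two made-up rules.
SAMPLE = r"""
uri BAD_TEST s#.#system('rm -rf /root')#e;
score BAD_TEST 5.0
describe BAD_TEST do very bad thing
uri GOOD_TEST /example\.invalid\/offer/i
body EVAL_IN_RE m{(?{ 1 })buy now}
"""

if __name__ == "__main__":
    for lineno, name, reasons in audit(SAMPLE):
        print("line %d: %s: %s" % (lineno, name, "; ".join(reasons)))
```

The check works on the raw text of each line and does not model how SpamAssassin itself parses or rejects a rule, so a finding means "review this line", not "this line executes".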