Bug 57210 - mail/razor-agents -- Latest version of SpamAssassin tickles taint mode bug
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: Yen-Ming Lee
Reported: 2003-09-25 14:40 UTC by Matthew Seaman
Modified: 2003-09-26 02:48 UTC
Attachments
razor.patch (1.03 KB, patch)
2003-09-25 14:40 UTC, Matthew Seaman

Description Matthew Seaman 2003-09-25 14:40:20 UTC
The recent update of the mail/p5-Mail-SpamAssassin port resulted in numerous
log file entries like the following:

Sep 25 14:18:44 happy-idiot-talk spamd[6385]: razor2 check skipped:  Insecure dependency in connect while running setuid at /usr/local/lib/perl5/5.8.0/mach/IO/Socket.pm line 114, <GEN78> line 64. 

This appears to be the same as bug #2439 in the SpamAssassin bugzilla:

  http://bugzilla.spamassassin.org/show_bug.cgi?id=2439

Their analysis is that the latest SpamAssassin is exposing some unsafe
taint-mode behaviour in the Razor2 code:

  http://article.gmane.org/gmane.mail.spam.spamassassin.general/29666

Fix: The patches given in the gmane.org article are effective at curing the
problem.  I applied them directly to the installed Razor2 perl code,
so paths aren't correct for putting the below directly into ports.
How-To-Repeat: 
Run SpamAssassin spamd/spamc programs with the Razor checks enabled.
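
The failure mode in the log line above, reproduced as an added example that is not part of the original report and is not the Razor2 patch: perl's taint checks (forced here with -T; perl enables them by itself when real and effective uid differ, hence "while running setuid" in the log) refuse connect() on an address derived from unvalidated data, and a strict regex capture is how the flag is cleared. The host value, port 9 and the sub names are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added illustration; run as: perl -T taint_connect.pl (file name is arbitrary).
use strict;
use warnings;
use Scalar::Util qw(tainted);
use Socket qw(PF_INET SOCK_STREAM inet_aton pack_sockaddr_in);

# Constructed input: under -T, $^X is tainted, so appending an empty slice
# of it marks a literal as tainted, as if it had been read from a config
# file or a network peer.
my $taint = substr($^X, 0, 0);
my $raw   = '127.0.0.1' . $taint;

# Untaint by validation. Only a regex capture clears the taint flag, so the
# pattern is a strict allowlist of hostname / dotted-quad characters.
sub untaint_host {
    my ($host) = @_;
    return $host =~ /\A([A-Za-z0-9](?:[A-Za-z0-9.-]{0,253}[A-Za-z0-9])?)\z/
        ? $1
        : undef;
}

# Try connect() to loopback port 9 (hypothetical target) and return the
# exception text, or '' when perl raised none. The taint check happens
# inside perl before the connect(2) system call is made.
sub connect_exception {
    my ($host) = @_;
    socket(my $sock, PF_INET, SOCK_STREAM, 0) or die "socket: $!";
    my $ok = eval { connect($sock, pack_sockaddr_in(9, inet_aton($host))); 1 };
    return $ok ? '' : $@;
}

my $clean    = untaint_host($raw);
my $rejected = untaint_host('bad host;name' . $taint);

print 'raw tainted:    ', (tainted($raw)   ? 'yes' : 'no'), "\n";
print 'raw connect:    ', (connect_exception($raw)   || "no exception\n");
print 'clean tainted:  ', (tainted($clean) ? 'yes' : 'no'), "\n";
print 'clean connect:  ', (connect_exception($clean) || "no exception\n");
print 'bad input kept: ', (defined $rejected ? 'yes' : 'no'), "\n";
```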
Comment 1 Kirill Ponomarev freebsd_committer freebsd_triage 2003-09-25 20:37:56 UTC
Responsible Changed
From-To: freebsd-ports-bugs->leeym

Over to maintainer
Comment 2 Yen-Ming Lee freebsd_committer freebsd_triage 2003-09-26 02:48:23 UTC
State Changed
From-To: open->closed

Committed, thanks.