Bug 57210 - mail/razor-agents -- Latest version of SpamAssassin tickles taint mode bug
Summary: mail/razor-agents -- Latest version of SpamAssassin tickles taint mode bug
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Yen-Ming Lee
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-09-25 14:40 UTC by Matthew Seaman
Modified: 2003-09-26 02:48 UTC (History)
1 user (show)

See Also:


Attachments
razor.patch (1.03 KB, patch)
2003-09-25 14:40 UTC, Matthew Seaman
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Matthew Seaman 2003-09-25 14:40:20 UTC
The recent update of the mail/p5-Mail-SpamAssassin port resulted in numerous
log file entries like the following:

Sep 25 14:18:44 happy-idiot-talk spamd[6385]: razor2 check skipped:  Insecure dependency in connect while running setuid at /usr/local/lib/perl5/5.8.0/mach/IO/Socket.pm line 114, <GEN78> line 64. 

This appears to be same as bug #2439 in the SpamAssassin bugzilla:

  http://bugzilla.spamassassin.org/show_bug.cgi?id=2439

Their analysis is that the latest Spamassassin is exposing some unsafe
taint-mode behaviour in the Razor2 code:

  http://article.gmane.org/gmane.mail.spam.spamassassin.general/29666

Fix: The patches given in the gmane.org article are effective at curing the
problem.  I applied them directly to the installed Razor2 perl code,
so paths aren't correct for putting the below directly into ports.
How-To-Repeat: 
Run SpamAssassin spamd/spamc programs with the Razor checks enabled.
Comment 1 Kirill Ponomarev freebsd_committer 2003-09-25 20:37:56 UTC
Responsible Changed
From-To: freebsd-ports-bugs->leeym

Over to maintainer
Comment 2 Yen-Ming Lee freebsd_committer 2003-09-26 02:48:23 UTC
State Changed
From-To: open->closed

Committed, thanks.