Bug 5216

Summary: sa-update Insecure dependency in unlink while running with -T switch at /usr/bin/sa-update line 1173.
Product: Spamassassin
Reporter: Daryl C. W. O'Shea <spamassassin>
Component: sa-update
Assignee: SpamAssassin Developer Mailing List <dev>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P5    
Version: SVN Trunk (Latest Devel Version)   
Target Milestone: 3.1.8   
Hardware: Other   
OS: other   
Whiteboard:

Description Daryl C. W. O'Shea 2006-11-30 10:42:15 UTC
[14411] dbg: generic: unlinking 10_misc.cf
Insecure dependency in unlink while running with -T switch at /usr/bin/sa-update line 1173.

More random taint flagging à la bug 5061.

Waiting for confirmation from Henk van Lingen about the usual "local ($1);" fix.

Comment 1 Daryl C. W. O'Shea 2006-12-01 09:12:50 UTC
Confirmed.

[dos@cyan 3.1]$ svn ci -m 'bug 5216: (trivial) avoid random taint flagging of $1
in sa-update'
Sending        sa-update.raw
Transmitting file data .
Committed revision 481292.


and one other spot I noticed this can be a problem:

[dos@cyan 3.1]$ svn ci -m '(trivial) avoid one last place where $1 might be
randomly tainted (and cause a problem) in sa-update'
Sending        sa-update.raw
Transmitting file data .
Committed revision 481299.