Bug 5216 - sa-update Insecure dependency in unlink while running with -T switch at /usr/bin/sa-update line 1173.
Status: RESOLVED FIXED
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: sa-update
Version: SVN Trunk (Latest Devel Version)
Hardware: Other other
Importance: P5 normal
Target Milestone: 3.1.8
Assignee: SpamAssassin Developer Mailing List
Reported: 2006-11-30 10:42 UTC by Daryl C. W. O'Shea
Modified: 2006-12-01 09:12 UTC (History)



Description Daryl C. W. O'Shea 2006-11-30 10:42:15 UTC
[14411] dbg: generic: unlinking 10_misc.cf
Insecure dependency in unlink while running with -T switch at /usr/bin/sa-update
line 1173.

More random taint flagging à la bug 5061.

Waiting for confirmation from Henk van Lingen about the usual "local ($1);" fix.
Comment 1 Daryl C. W. O'Shea 2006-12-01 09:12:50 UTC
Confirmed.

[dos@cyan 3.1]$ svn ci -m 'bug 5216: (trivial) avoid random taint flagging of $1
in sa-update'
Sending        sa-update.raw
Transmitting file data .
Committed revision 481292.


and one other spot I noticed this can be a problem:

[dos@cyan 3.1]$ svn ci -m '(trivial) avoid one last place where $1 might be
randomly tainted (and cause a problem) in sa-update'
Sending        sa-update.raw
Transmitting file data .
Committed revision 481299.
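
The error in this report, reproduced under taint mode, next to an untainting step that localizes $1 before an allow-list capture. This is an added example, not code from sa-update or the commits above; the scratch directory, file names, allow-list pattern and the placement of "local ($1);" are assumptions.

```perl
#!/usr/bin/perl -T
# Added example (not sa-update code). Run as: perl -T taint_unlink_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "run with -T\n" unless ${^TAINT};

# Constructed scratch directory and sample file names (not SpamAssassin paths).
my $dir = "/tmp/taint-unlink-demo-$$";
mkdir($dir, 0700) or die "mkdir $dir: $!";
for my $name (qw(10_misc.cf 20_body_tests.cf)) {
    open(my $fh, '>', "$dir/$name") or die "create $name: $!";
    close($fh);
}

opendir(my $dh, $dir) or die "opendir $dir: $!";
my @names = grep { /\.cf$/ } readdir($dh);    # readdir() results are tainted
closedir($dh);

for my $name (@names) {
    printf "%s tainted=%d\n", $name, tainted($name) ? 1 : 0;

    # Passing the tainted name to unlink is a fatal error under -T.
    my $ok = eval { unlink("$dir/$name"); 1 };
    print "  direct unlink refused: $@" unless $ok;

    # Untaint through a strict allow-list capture. Localizing $1 first is the
    # idiom the report calls the usual fix; its placement here is an assumption.
    local ($1);
    unless ($name =~ /^([A-Za-z0-9_][A-Za-z0-9_.-]*\.cf)$/) {
        warn "  skipping unexpected name\n";
        next;
    }
    my $clean = $1;    # copy the capture before anything else can touch $1
    unlink("$dir/$clean") or warn "  unlink $clean: $!";
    print "  unlinked after untainting: $clean\n";
}
rmdir($dir) or warn "rmdir $dir: $!";
```

The allow-list pattern rejects names containing path separators, so the untainted value cannot point outside the scratch directory.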