>>>>> "MT" == Matt Thoene <[EMAIL PROTECTED]> writes:

MT> Hi...just upgraded from rc3 to rc4 and am now seeing this in the logs...

MT>  razor2 check skipped: Bad file descriptor Insecure dependency in
MT>  connect while running setuid at
MT>  /usr/local/lib/perl5/5.6.1/i686-linux/IO/Socket.pm line 108,
MT>  <GEN79> line 74.

Razor has had taint-unsafe code in it for a long time.  Every new
release requires the same old patches.  I don't use razor anymore, but
here are the last set of patches I had to make it taint-safe:

% cat /usr/local/src/razor-2.34.patch 
--- Config.pm.orig      Thu May 22 09:54:18 2003
+++ Config.pm   Thu May 22 09:54:18 2003
@@ -383,6 +383,7 @@
             next unless /=/;
             my ($attribute, $value) = split /\=/, $_, 2; 
             $attribute =~ s/^\s+//; $attribute =~ s/\s+$//;
+           $value = $1 if $value =~ /^(.*)$/;  # untaint!
             $conf->{$attribute} = $self->parse_value($value);
         }
         $total++;
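Review bot: the untaint on the added line uses /^(.*)$/, which matches any single-line value, so it clears the taint flag without validating anything, and the unchecked $value then goes straight into parse_value() and $conf. Consider matching only the characters a config value is expected to contain, and skipping or warning on lines that fail the match rather than storing them. The comment "# untaint!" records what is done but not why the value is safe to trust; a sentence on that would help the next reader.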
--- Core.pm.orig        Thu May 22 09:55:51 2003
+++ Core.pm     Thu May 22 09:55:51 2003
@@ -218,8 +218,10 @@
         foreach $rr ($query->answer) { 
             my $pushed = 0;
             if ($rr->type eq "A") { 
-                push @list, $rr->address; 
-                $pushed = 1;
+                if ($rr->address =~ m/^(\d+\.\d+\.\d+\.\d+)$/) {
+                    push @list, $1; 
+                    $pushed = 1;
+                }
             } elsif ($rr->type eq "CNAME") { 
                 if ($rr->cname eq 'list.terminator') { 
                     pop @list if $pushed;
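Review bot: the pattern m/^(\d+\.\d+\.\d+\.\d+)$/ in the A-record branch is looser than an IPv4 address: \d+ admits octets of any length and value, so 999.999.999.999 passes and is untainted, and $ also matches before a trailing newline. Suggest \d{1,3} per octet with a 0-255 range check and \z as the end anchor. An address that fails the match is now dropped silently with $pushed left at 0; a debug log line in that case would make a rejected DNS answer visible.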



-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vivek Khera, Ph.D.                Khera Communications, Inc.
Internet: [EMAIL PROTECTED]       Rockville, MD       +1-240-453-8497
AIM: vivekkhera Y!: vivek_khera   http://www.khera.org/~vivek/


_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk