Bug 7510 - Virtual Config dir: Insecure dependency in mkdir while running with -T switch
Status: RESOLVED INVALID
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: spamc/spamd
Version: 3.4.1
Hardware: PC Linux
Importance: P2 minor
Target Milestone: Undefined
Assignee: SpamAssassin Developer Mailing List
Reported: 2017-11-30 08:28 UTC by mathias.g
Modified: 2018-08-28 23:46 UTC

Description mathias.g 2017-11-30 08:28:15 UTC
Currently moving to a new Server with newer OS, Perl and SpamAssassin Version.
From: Ubuntu 14.04.5 LTS Perl 5.18.2 SpamAssassin version 3.4.0
To: Ubuntu 16.04.3 LTS Perl 5.22.1 SpamAssassin version 3.4.1
/etc/default/spamassassin
OPTIONS="-u spamd -D --create-prefs -m5 --virtual-config-dir=/var/opt/spamd/%u -x --daemonize --max-children 5" 
The above options worked fine on the old server; on the new server I get a Perl error while creating the folders for the user directories.

Could not find anyone with the same problem, bug or a config error on my side?
/var/opt/spamd exists; rights should also be fine.

Part of the log: (Recipient address was office@domain.tld)
spamd[1468]: spamd: using default config for office: /var/opt/spamd/office/user_prefs
spamd[1468]: info: user has changed
spamd[1468]: bayes: learner_new self=Mail::SpamAssassin::Plugin::Bayes=HASH(0x3065950), bayes_store_module=Mail::SpamAssassin::BayesStore::DBM
spamd[1468]: bayes: learner_new: got store=Mail::SpamAssassin::BayesStore::DBM=HASH(0x35da948)
spamd[1468]: config: using "/var/opt/spamd/office" for user state dir
spamd[1468]: config: mkdir /var/opt/spamd/office failed: Insecure dependency in mkdir while running with -T switch at /usr/share/perl/5.22/File/Path.pm line 136, <GEN17> line 2.
spamd[1468]: bayes: no dbs present, cannot tie DB R/O: /var/opt/spamd/office/bayes_toks
spamd[1468]: config: score set 1 chosen.
spamd[1468]: spamd: running as uid 1001
spamd[1468]: config: time limit 300.0 s
spamd[1468]: message: line ending changed to CRLF
spamd[1468]: message: main message type: text/plain
spamd[1468]: spamd: processing message (unknown) for office:1001
spamd[1468]: check: pms new, time limit in 299.978 s
spamd[1468]: bayes: no dbs present, cannot tie DB R/O: /var/opt/spamd/office/bayes_toks 
Has anyone seen this before?
Thanks, Mathias
Comment 1 Kevin A. McGrail 2017-11-30 15:23:35 UTC
I think perhaps the newer perl is more strict (or accurate) on a taint issue?

What happens if you make the directory?

Something like this might be in order in spamd to untaint the dir:

if (mkdir untaint($spam_conf_dir), 0700) {

Is that something you can modify and test to give feedback?

regards,
KAM
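
The failure in the log and the kind of untainting Comment 1 suggests, as an added example that is not part of the original thread and is not SpamAssassin code. The helper name user_state_dir, its allow-list pattern and the /tmp base directory are assumptions; the sample names under __DATA__ are constructed and stand in for the value substituted for %u in --virtual-config-dir.

```perl
#!/usr/bin/perl -T
# Added example, not SpamAssassin code. Run with: perl -T taint_mkdir.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "taint mode is off, run with perl -T\n" unless ${^TAINT};

# Hypothetical helper: build the per-user state dir from an untrusted name.
# A regex capture clears taint, so the pattern must be a strict allow-list
# (no "/", no leading ".", bounded length), never a catch-all like /(.*)/.
sub user_state_dir {
    my ($base, $user) = @_;
    return unless defined $user
        && $user =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/;
    return "$base/$1";    # $1 is untainted; $base must be trusted config
}

# Constructed base directory standing in for /var/opt/spamd.
my $base = "/tmp/taint-demo-$$";
mkdir($base, 0700) or die "mkdir $base: $!\n";

while (my $user = <DATA>) {    # file input is tainted, like a name read from a socket
    chomp $user;
    my $raw = "$base/$user";   # interpolating a tainted value taints the path
    printf "%-10s tainted=%d\n", $user, tainted($raw) ? 1 : 0;

    # Passing the tainted path straight to mkdir dies under -T.
    eval { mkdir($raw, 0700); 1 } or print "  raw mkdir died: $@";

    my $dir = user_state_dir($base, $user);
    if (!defined $dir) { print "  rejected by allow-list\n"; next; }
    if (mkdir($dir, 0700)) { print "  created $dir\n"; rmdir($dir); }
    else                   { print "  mkdir $dir failed: $!\n"; }
}
rmdir($base);

__DATA__
office
../escape
```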
Comment 2 Kevin A. McGrail 2018-08-28 23:46:22 UTC
No feedback from reporter