amavisd-new 2.4.2 and Net::Server 0.94

> -----Original Message-----
> From: amavis-user-bounceslists.sourceforge.net
[mailto:amavis-user-
> bounceslists.sourceforge.net] On Behalf Of Ryan Frantz
> Sent: Wednesday, August 23, 2006 1:22 PM
> To: amavis-userlists.sourceforge.net
> Subject: [AMaViS-user] amavisd-new 2.4.2 and
Net::Server 0.94
> 
> I've recently built a RedHat FC5 system and installed
amavisd-new-2.4.2
> on it.  I plan to use it in conjunction with Postfix
(2.3.2).  When
> testing amavisd-new using the debug argument...
> 

[snip]

> Suicide () TROUBLE in pre_loop_hook: Insecure
dependency in open while
> running with -T switch at
> /usr/lib/perl5/5.8.8/i386-linux-thread-multi/IO/File.pm
line 192.
> 
> Line 192 in IO/File.pm is:
> 
>     open($fh, $file); (part of sub open())
> 
> What's installed:
> 
> amavisd-new-2.4.2
> Net::Server-0.94
> IO::File-1.13

I did some digging and found that the problem originates in
a call to
IO:File in line 6781 of amavisd:

6781: } elsif ($fh->open($config_file,'+<')) {

If the open mode '+<' is removed, everything works just
fine.  I've got
another version of amavisd (2.3.2) running on an FC4 box
(with
IO:File-1.10) and both that line in amavisd and the open()
sub in
File.pm look the same.  Anyone have any ideas?

ry

------------------------------------------------------------
-------------
Using Tomcat but need to do more? Need to support web
services, security?
Get stuff done quickly with pre-integrated technology to
make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on
Apache Geronimo
http://sel.as-us.falkag.net/
sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ:http://www.amav
is.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/ho
wto/

Ryan,

> I did some digging and found that the problem
originates in a call to
> IO:File in line 6781 of amavisd:
>
> 6781: } elsif ($fh->open($config_file,'+<')) {
>
> If the open mode '+<' is removed, everything works
just fine.  I've got
> another version of amavisd (2.3.2) running on an FC4
box (with
> IO:File-1.10) and both that line in amavisd and the
open() sub in
> File.pm look the same.  Anyone have any ideas?

Perl taint bug rear its ugly head again.
Try the following workaround:

--- amavisd~	Tue Jun 27 13:31:56 2006
+++ amavisd	Wed Aug 23 21:49:52 2006
 -6776,4
+6776,5 
     # too late to feel sorry now, but better late then
never.
     for my $config_file (config_files) {
+      local($1);  # don't let
IO::Handle::_open_mode_string taint the $1 !
       my($fh) = IO::File->new;
       my($errn) = lstat($config_file) ? 0 : 0+$!;


Mark

------------------------------------------------------------
-------------
Using Tomcat but need to do more? Need to support web
services, security?
Get stuff done quickly with pre-integrated technology to
make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on
Apache Geronimo
http://sel.as-us.falkag.net/
sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ:http://www.amav
is.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/ho
wto/