[Mimedefang] HEADS UP, bug in spamassassin versions 2.50 -> 2.63

Chris Myers chris at by-design.net
Thu Aug 5 07:54:51 EDT 2004 

----- Original Message ----- 
From: "Patrik Andersin" <cat at iki.fi>
To: <mimedefang at lists.roaringpenguin.com>
Sent: Sunday, August 01, 2004 12:57 PM
Subject: [Mimedefang] HEADS UP, bug in spamassassin versions 2.50 -> 2.63


> There is an nasty umask bug in spamassasin version 2.50 - 2.63 which
> effectively disables virus scanning in mimedefang if
> [...]
> The bug is in sa's UnixLocker.pm module in line 47:
> [...]
> Bug report filed:
> http://bugzilla.spamassassin.org/show_bug.cgi?id=3653

The bug is more widespread than that, and also exists in the newly released
SpamAssassin 2.64. :-(

There are actually three places in the SpamAssassin code that destroy the
umask: NoMailAudit.pm, PerMsgStatus.pm, UnixLocker.pm.  I have updated the
bug in Bugzilla.

Below is a patch vs. SpamAssassin 2.64.

Save the patch and apply with "patch -p1 < _NAME_OF_PATCH_FILE_" from inside
the SpamAssassin source directory.

Chris Myers
Networks By Design

--- CUT HERE ---

diff -ur Mail-SpamAssassin-2.64/lib/Mail/SpamAssassin/NoMailAudit.pm
Mail-SpamAssassin-2.64-fixed/lib/Mail/SpamAssassin/NoMailAudit.pm
--- Mail-SpamAssassin-2.64/lib/Mail/SpamAssassin/NoMailAudit.pm Wed Aug  4
20:48:33 2004
+++ Mail-SpamAssassin-2.64-fixed/lib/Mail/SpamAssassin/NoMailAudit.pm   Thu
Aug  5 06:33:16 2004
@@ -430,7 +430,7 @@
   my $gotlock = 0;
   my $retrylimit = 30;

-  my $umask = 0;
+  my $umask = umask 0;
   if (!sysopen (LOCK, $locktmp, O_WRONLY | O_CREAT | O_EXCL, 0644)) {
     umask $umask;
     #die "lock $file failed: create $locktmp: $!";
diff -ur Mail-SpamAssassin-2.64/lib/Mail/SpamAssassin/PerMsgStatus.pm
Mail-SpamAssassin-2.64-fixed/lib/Mail/SpamAssassin/PerMsgStatus.pm
--- Mail-SpamAssassin-2.64/lib/Mail/SpamAssassin/PerMsgStatus.pm        Wed
Aug  4 20:48:33 2004
+++ Mail-SpamAssassin-2.64-fixed/lib/Mail/SpamAssassin/PerMsgStatus.pm  Thu
Aug  5 06:32:20 2004
@@ -2619,7 +2619,7 @@
   my $template = $tmpdir."/sa.$$.";

   my $reportfile;
-  my $umask = 0;
+  my $umask = umask 0;
   do {
       # we do not rely on the obscurity of this name for security...
       # we use a average-quality PRG since this is all we need
diff -ur Mail-SpamAssassin-2.64/lib/Mail/SpamAssassin/UnixLocker.pm
Mail-SpamAssassin-2.64-fixed/lib/Mail/SpamAssassin/UnixLocker.pm
--- Mail-SpamAssassin-2.64/lib/Mail/SpamAssassin/UnixLocker.pm  Wed Aug  4
20:48:32 2004
+++ Mail-SpamAssassin-2.64-fixed/lib/Mail/SpamAssassin/UnixLocker.pm    Thu
Aug  5 06:30:58 2004
@@ -44,7 +44,7 @@
   my $lock_tmp = Mail::SpamAssassin::Util::untaint_file_path
                                        ("$path.lock.$hname.$$");

-  my $umask = 077;
+  my $umask = umask 077;
   if (!open(LTMP, ">$lock_tmp")) {
       umask $umask;
       die "lock: $$ cannot create tmp lockfile $lock_tmp for $lock_file:
$!\n";

More information about the MIMEDefang mailing list