Package: postgrey Version: 1.21-1 Severity: important On my system, postgrey won't start when it has the -T switch to perl in its shebang line. This is what I get when reproducing it manually:
================= cut here ============================= mail1:/data/shared/www# /usr/sbin/postgrey --pidfile=/var/run/postgrey.pid --inet=127.0.0.1:60000 --dbdir /data/shared/lib/postgrey --delay 60 --retry-window=4 --auto-whitelist-clients=3 --greylist-text=You are greylisted for %s seconds. If you have trouble delivering mail to %r, please check the information provided at http://mail.incase.de/greylisting.html 2005/05/17-18:30:17 postgrey (type Net::Server::Multiplex) starting! pid(30786) Binding to TCP port 60000 on host 127.0.0.1 Setting gid to "65534 65534" Setting uid to "108" Insecure dependency in open while running with -T switch at /usr/sbin/postgrey line 485. ================= cut here ============================= The line in question is: open(LOCK, ">>$lock") or die "ERROR: can't open lock file: $lock\n"; $lock is set from the dbdir commandline switch, which is set to /data/shared/lib/postgrey in my case (it is a HighAvailability setup). Here is some relevant ls output (I stripped the timestamps): ================= cut here ============================= mail1:/data/shared/www# ls -ld /data/shared/lib/postgrey/* /data/shared/lib/postgrey /data/shared/lib /data/shared /data /dev/log drwxr-xr-x 6 root root 4096 /data drwxr-xr-x 17 root root 4096 /data/shared drwxr-xr-x 3 root root 4096 /data/shared/lib drwx------ 2 postgrey root 4096 /data/shared/lib/postgrey -rw------- 1 postgrey nogroup 16384 /data/shared/lib/postgrey/__db.001 -rw------- 1 postgrey nogroup 270336 /data/shared/lib/postgrey/__db.002 -rw------- 1 postgrey nogroup 98304 /data/shared/lib/postgrey/__db.003 -rw------- 1 postgrey nogroup 16384 /data/shared/lib/postgrey/__db.004 -rw------- 1 postgrey nogroup 10485760 /data/shared/lib/postgrey/log.0000000001 -rw------- 1 postgrey nogroup 8192 /data/shared/lib/postgrey/postgrey.db -rw------- 1 postgrey nogroup 0 /data/shared/lib/postgrey/postgrey.lock -rw------- 1 postgrey nogroup 8192 /data/shared/lib/postgrey/postgrey_clients.db srw-rw-rw- 1 root root 0 /dev/log ================= cut here ============================= I suppose this is some Perl problem, but I'm not sure what causes it or how it could be fixed. If I don't use the -T switch for perl, postgrey works as expected. The problem is probably caused by not untainting the dbdir commandline parameter. However, I'm no perl guru so I don't really know. -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (990, 'testing'), (400, 'experimental'), (50, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.11.7-incase Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages postgrey depends on: ii debconf 1.4.30.13 Debian configuration management sy ii libberkeleydb-perl 0.26-3 use Berkeley DB 4 databases from P ii libnet-dns-perl 0.48-1 Perform DNS queries from a Perl sc ii libnet-server-perl 0.87-3 An extensible, general perl server ii perl 5.8.4-8 Larry Wall's Practical Extraction ii ucf 1.17 Update Configuration File: preserv -- debconf information: postgrey/1.13-5_move-db: postgrey/1.14-1_lookup-by-subnet: postgrey/1.13-5_old-config: -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
