spamassassin-dev September 2011 archive

[Bug 6655] [review] sa-update might DOS mirrors if TMPDIR unwritable

From: <bugzilla-daemon_at_nospam>
Date: Mon Sep 05 2011 - 17:49:11 GMT
To: dev@spamassassin.apache.org

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6655

--- Comment #5 from Mark Martinec <Mark.Martinec@ijs.si> 2011-09-05 17:49:11 UTC ---
Intended as a quick test of the supplied patch and to explore some other
failure modes, and realizing that plenty of system calls in sa-update
were still ignoring a status return, I ended up with a biggish update
to sa-update and some of the related utility code. I believe it is
an improvement, but further improvement would still be desirable.

Here are the changes:
- sa-update can now take multiple -v or --verbose options to increase
  verbosity; currently one or two levels are in use: two levels
  add reporting on a DNS query and HTTP GET requests;
- allow Mail::SpamAssassin::Util::secure_tmpfile to signal a
  failure, adjust callers for this;
- Message.pm: test $msg->{'raw'} for defined(), not for exists();
  do not store a file handle there if it is not defined;
- sub secure_tmpfile: only retry on failures which are expected
  not to be permanent (e.g. there is no point in trying 20 times
  to create a file when the status is always "Permission denied");
- sub secure_tmpfile: do not bother with umask, sysopen specifies
  the mode explicitly;
- sa-update: add several missing status tests to system calls,
  improve debug and verbose logging;
- sa-update: use eval{} in the 'try/rollback' idiom to simplify
  diagnostics;
- sa-update: ignore non-'TXT' and empty fields in a DNS reply;
- sa-update: better report gpg process crashes and failure exit status;
- sa-update: some style and terminology changes to go along with the
  rest of the modules (like: || warn -> or warn; can't -> cannot);

trunk:
  Sending lib/Mail/SpamAssassin/Message.pm
  Sending lib/Mail/SpamAssassin/PerMsgStatus.pm
  Sending lib/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm
  Sending lib/Mail/SpamAssassin/Util.pm
  Sending sa-update.raw
Committed revision 1165372.

Here is an example of a failure mode that would still cause
repeated cron updates with rules tar files being repeatedly
downloaded despite a previous success:

DNS TXT query: 0.4.3.updates.spamassassin.org -> 1165208
  Update available for channel updates.spamassassin.org
DNS TXT query: mirrors.updates.spamassassin.org ->
  http://spamassassin.apache.org/updates/MIRRORED.BY
http: GET http://spamassassin.apache.org/updates/MIRRORED.BY, 200 OK
http: GET http://sa-update.secnap.net/1165208.tar.gz, 200 OK
http: GET http://sa-update.secnap.net/1165208.tar.gz.sha1, 200 OK
error: failed to create /var/lib/spamassassin/3.004000/
  updates_spamassassin_org/10_default_prefs.cf:
  Permission denied at /usr/local/bin/sa-update line 1132.
channel: archive extraction failed, channel failed
Update failed, exiting with code 4

-- 
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
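The two secure_tmpfile items in the comment above (retry only on failures that are not permanent; rely on the explicit sysopen mode instead of umask), shown as an added example that is not part of the original message and is not the code from Mail::SpamAssassin::Util or revision 1165372. The helper name create_private_tmpfile, the file name pattern and the choice of EEXIST as the only retryable error are assumptions made for illustration.

```perl
use strict;
use warnings;
use Errno qw(EEXIST);
use Fcntl qw(O_RDWR O_CREAT O_EXCL);
use File::Spec;
use File::Temp ();

# Hypothetical helper: create a private temp file in $dir.
# Returns (path, filehandle) on success and an empty list on failure,
# so the caller can stop before doing any network work.
sub create_private_tmpfile {
  my ($dir, $max_tries) = @_;
  $max_tries ||= 20;
  for (1 .. $max_tries) {
    my $name = sprintf('.sa-example.%d.%06x.tmp', $$, int(rand(0xffffff)));
    my $path = File::Spec->catfile($dir, $name);
    # O_EXCL refuses an existing file or symlink; the explicit mode 0600
    # grants nothing to group/other whatever the umask is.
    if (sysopen(my $fh, $path, O_RDWR|O_CREAT|O_EXCL, 0600)) {
      return ($path, $fh);
    }
    my $err = $!;            # save errno before another call resets it
    next if $err == EEXIST;  # name collision: transient, try a new name
    warn "cannot create $path: $err (not retrying)\n";
    return;
  }
  warn "cannot create a temp file in $dir after $max_tries tries\n";
  return;
}

# Success case in a scratch directory (constructed for the demo).
my $dir = File::Temp::tempdir(CLEANUP => 1);
my ($path, $fh) = create_private_tmpfile($dir);
defined $fh or die "unexpected failure in a writable directory\n";
printf "created %s, mode %04o\n", $path, (stat $fh)[2] & 07777;
close($fh) or die "error closing $path: $!";
unlink($path) or die "cannot remove $path: $!";

# Permanent failure (constructed): the directory does not exist, so the
# helper gives up after one attempt instead of looping 20 times.
# "Permission denied" takes the same non-retry path.
my @r = create_private_tmpfile(File::Spec->catdir($dir, 'missing'));
print "permanent failure reported after a single attempt\n" if !@r;
```

Returning an empty list rather than dying leaves the decision to the caller, which can then skip the download step when no temp file can be created.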