spamassassin-dev September 2011 archive

[Bug 6655] [review] sa-update might DOS mirrors if TMPDIR unwritable

From: <bugzilla-daemon_at_nospam>
Date: Mon Sep 05 2011 - 17:49:11 GMT

--- Comment #5 from Mark Martinec <> 2011-09-05 17:49:11 UTC ---
Intended as a quick test of the supplied patch and to explore some other
failure modes, and realizing that plenty of system calls in sa-update
were still ignoring a status return, I ended up with a biggish update
to sa-update and some of the related utility code. I believe it is
an improvement, but further improvement would still be desirable.

Here are the changes:
- sa-update can now take multiple -v or --verbose options to increase
  verbosity; currently one or two levels are in use: two levels
  add reporting on a DNS query and HTTP GET requests;
- allow Mail::SpamAssassin::Util::secure_tmpfile to signal a
  failure, adjust callers for this;
- test $msg->{'raw'} for defined(), not for exists();
  do not store a file handle there if it is not defined;
- sub secure_tmpfile: only retry on failures which are expected
  not to be permanent (e.g. it makes no point in trying 20 times
  to create a file when a status is always a "Permission denied");
- sub secure_tmpfile: do not bother with umask, sysopen specifies
  the mode explicitly;
- sa-update: add several missing status tests to system calls,
  improve debug and verbose logging;
- sa-update: use eval{} in the 'try/rollback' idiom to simplify
- sa-update: ignore non-'TXT' and empty fields in a DNS reply;
- sa-update: better report gpg process crashes and failure exit status;
- sa-update: some style and terminology changes to go along the
  rest of the modules (like: || warn -> or warn; can't -> cannot);

  Sending lib/Mail/SpamAssassin/
  Sending lib/Mail/SpamAssassin/
  Sending lib/Mail/SpamAssassin/Plugin/
  Sending lib/Mail/SpamAssassin/
  Sending sa-update.raw
Committed revision 1165372.

Here is an example of a failure mode that would still cause
repeated cron updates with rules tar files being repeatedly
downloaded despite a previous success:

DNS TXT query: -> 1165208
  Update available for channel
DNS TXT query: ->
http: GET, 200 OK
http: GET, 200 OK
http: GET, 200 OK
error: failed to create /var/lib/spamassassin/3.004000/
  Permission denied at /usr/local/bin/sa-update line 1132.
channel: archive extraction failed, channel failed
Update failed, exiting with code 4

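The retry policy described in the comment above (retry only on failures that are not permanent, pass the mode to sysopen explicitly), as an added example that is not the committed SpamAssassin code. The helper name try_secure_tmpfile, the file name pattern and the idea of creating the file before contacting a mirror are assumptions of this sketch.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Errno qw(EEXIST);
use Fcntl qw(O_RDWR O_CREAT O_EXCL);
use File::Temp qw(tempdir);

# Hypothetical helper (not Mail::SpamAssassin::Util::secure_tmpfile).
# Returns (path, filehandle) on success, or an empty list with the
# reason left in $! so the caller can report it and stop.
sub try_secure_tmpfile {
  my ($dir, $max_tries) = @_;
  for my $attempt (1 .. $max_tries) {
    my $path = sprintf("%s/.example.%d.%06x.tmp",
                       $dir, $$, int(rand(0xffffff)));
    # O_EXCL refuses an existing name (including a planted symlink).
    # Mode 0600 is explicit; umask can only clear bits from it, so
    # there is no need to change umask around the call.
    if (sysopen(my $fh, $path, O_RDWR|O_CREAT|O_EXCL, 0600)) {
      return ($path, $fh);
    }
    next if $!{EEXIST};  # name collision: transient, try another name
    return;              # EACCES, ENOENT, EROFS, ...: permanent, stop now
  }
  $! = EEXIST;           # every attempt collided
  return;
}

# Constructed demo: one writable directory and one that does not exist.
# A missing directory is used for the permanent failure because root
# would bypass a permission check; EACCES takes the same code path.
my $good = tempdir(CLEANUP => 1);
for my $dir ($good, "$good/missing") {
  if (my ($path, $fh) = try_secure_tmpfile($dir, 20)) {
    print "ok: created $path, safe to start the download\n";
    close($fh)    or die "close failed: $!";
    unlink($path) or die "unlink failed: $!";
  } else {
    # One attempt was made, not 20, and no mirror was contacted.
    print "fatal: cannot create temp file in $dir: $!; not downloading\n";
  }
}
```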