spamassassin-dev September 2011 archive
Main Archive Page > Month Archives  > spamassassin-dev archives
spamassassin-dev: [Bug 6655] [review] sa-update might DOS mirror

[Bug 6655] [review] sa-update might DOS mirrors if TMPDIR unwritable

From: <bugzilla-daemon_at_nospam>
Date: Mon Sep 05 2011 - 18:12:26 GMT
To: dev@spamassassin.apache.org

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6655

--- Comment #6 from Kevin A. McGrail <kmcgrail@pccc.com> 2011-09-05 18:12:26 UTC ---
> Here is an example of a failure mode that would still cause
> repeated cron updates with rules tar files being repeatedly
> downloaded despite a previous success:
>
> DNS TXT query: 0.4.3.updates.spamassassin.org -> 1165208
> Update available for channel updates.spamassassin.org
> DNS TXT query: mirrors.updates.spamassassin.org ->
> http://spamassassin.apache.org/updates/MIRRORED.BY
> http: GET http://spamassassin.apache.org/updates/MIRRORED.BY, 200 OK
> http: GET http://sa-update.secnap.net/1165208.tar.gz, 200 OK
> http: GET http://sa-update.secnap.net/1165208.tar.gz.sha1, 200 OK
> error: failed to create /var/lib/spamassassin/3.004000/
> updates_spamassassin_org/10_default_prefs.cf:
> Permission denied at /usr/local/bin/sa-update line 1132.
> channel: archive extraction failed, channel failed
> Update failed, exiting with code 4

We were discussing this scenario a few days ago and my thoughts were, what
about not deleting the sa-update files and using a standard directory for the
files so they weren't continually downloaded over and over?

-- Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.