Bug#350954: [rob@tigertech.com: Bug#350954: DSA-960-2 security update breaks libmail-audit-perl when $ENV{HOME} is not set]

Niko Tyni ntyni at iki.fi
Thu Feb 2 18:34:46 UTC 2006


On Thu, Feb 02, 2006 at 09:00:14AM +0200, Niko Tyni wrote:
 
> There's a regression in the patch for DSA-960-1, for both woody and sarge.
> When $HOME is not set, Mail::Audit is now creating logfiles in cwd and
> dying if it's not writable.  This happens even if logging is turned off,
> which makes the problem much more serious.
> 
> I have not yet had a proper look at the proposed patches in #350954 and
> the last message of #344029, but I wanted to make you aware of this.

Following up on myself: now that I have looked at the patches, the one
in #350954 by Robert L Mathews <rob at tigertech.com> looks good to me.
Of course, a second opinion would be welcome. I'm Cc'ing #350954 in the
hope that somebody else from the Debian Perl Group will comment as well.

To save you at least some work, I'm attaching a backported version of
the patch against the woody version (2.0-4woody1).

(Obviously, this concerns DSA-960-2 rather than the unfortunate
syntactically incorrect DSA-960-1 update.)
-- 
Niko Tyni	ntyni at iki.fi
-------------- next part --------------
--- Audit.pm	2006/02/02 18:10:09	1.1
+++ Audit.pm	2006/02/02 18:15:07
@@ -7,17 +7,12 @@
 use vars qw($VERSION @ISA @EXPORT @EXPORT_OK);
 use Fcntl ':flock';
 use File::Temp qw(tempfile);
+use File::Spec;
 use constant REJECTED => 100;
 use constant DELIVERED => 0;
 my $loglevel=3;
 my $logging =0;
 my $logfile;
-if (exists $ENV{HOME} and defined $ENV{HOME} and -d $ENV{HOME}) {
-     $logfile = "$ENV{HOME}/.mail_audit.log"
-}
-else {
-     (undef,$logfile) = tempfile("mail_audit.log-XXXXX",TMPDIR=>1);
-}
 
 $VERSION = '2.0';
 
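Review bot: once the load-time default is removed, `my $logfile;` stays undefined unless `log` is passed or logging is enabled, so any other use of `$logfile` in Audit.pm outside the `if ($logging)` block changed in the next hunk would now see undef. It is worth checking the rest of the file for such readers before uploading. The added `use File::Spec;` is needed only for the `File::Spec->tmpdir` call in that hunk, which is fine.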
@@ -52,6 +47,15 @@
         $logfile = $self->{log};
     }
     if ($logging) {
+        unless (defined $logfile) {
+            if (exists $ENV{HOME} and defined $ENV{HOME} and -d $ENV{HOME}) {
+                $logfile = "$ENV{HOME}/.mail_audit.log"
+            }
+            else {
+                (undef,$logfile) =
+                    tempfile("mail_audit.log-XXXXX", DIR => File::Spec->tmpdir);
+            }
+        }
         open LOG, ">>$logfile" or die $!;
         _log(1,"Logging started at ".scalar localtime);
         _log(2,"Incoming mail from ".$self->from);
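Review bot: in the `else` branch, `(undef,$logfile) = tempfile(...)` discards the handle that tempfile() has already opened on the new file, and the `open LOG, ">>$logfile"` that follows reopens it by name with a two-argument open. Suggest keeping the returned handle and logging to it, or at least using the three-argument form `open LOG, '>>', $logfile`, so that the file written to is the one tempfile() created and the path is never parsed for mode characters. Separately, `-d $ENV{HOME}` does not test writability, so with logging enabled an unwritable home directory still ends in `die $!`. If that case matters, fall back to the temporary file there as well.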
@@ -225,8 +229,10 @@
 You may also specify C<< log => $logfile >> to write a debugging log; you
 can set the verbosity of the log with the C<loglevel> key, on a scale of
 1 to 4. If you specify a log level without a log file, logging will be
-written to F</tmp/you-audit.log> where F<you> is replaced by your user
-name. If you specify C<< noexit => 1 >>, C<Mail::Audit> will not exit
+written to F<.mail_audit.log> in your home directory if the HOME
+environment variable is set, or to F</tmp/mail_audit.log-XXXXX> (where
+F<XXXXX> contains random characters) if not. 
+If you specify C<< noexit => 1 >>, C<Mail::Audit> will not exit
 after delivering the mail, but continue running your filter. 
 
 =back
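Review bot: the new POD text does not quite match the code in the previous hunk. The fallback directory is `File::Spec->tmpdir`, which is not necessarily F</tmp>, and the home-directory log is chosen only when HOME is set and `-d $ENV{HOME}` succeeds, not merely when HOME is set. Suggest wording along the lines of "in the system temporary directory" and "if HOME is set and is a directory". The added line ending `if not. ` also carries trailing whitespace.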

