[Bug 919194] New: Postgrey: Set to tainted mode; no startup due to insecure parameter handling
http://bugzilla.opensuse.org/show_bug.cgi?id=919194 Bug ID: 919194 Summary: Postgrey: Set to tainted mode; no startup due to insecure parameter handling Classification: openSUSE Product: openSUSE Distribution Version: 13.2 Hardware: x86-64 OS: openSUSE 13.2 Status: NEW Severity: Normal Priority: P5 - None Component: Network Assignee: bnc-team-screening@forge.provo.novell.com Reporter: olafmartens@web.de QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0 Build Identifier: With the transition from openSuSE 13.1 to 13.2 something must hae gone awry in the Postgrey script. Whereas it has run without problems in the former distro, in the latter it complains that an insecure parameter is being used due to tainted mode. Reproducible: Always Steps to Reproduce: 1. Invoke postgrey --inet <portnum> 2. It immediately complains about an insecure dependency in bind() due to tainted mode. Actual Results: Postgrey aborts because of insecure parameter handling in a critical function (here: bind) in conjunction with the -T flag. Expected Results: Postgrey should start up normally and untaint any parameters that have been passed to it. I have already patched the script to untaint an insecure parameter that prevented Postgrey from starting up. Now it has resumed its normal operation on my server. Now, how do I commit a patch to the repo? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=919194
Martin Pluskal
http://bugzilla.opensuse.org/show_bug.cgi?id=919194
--- Comment #2 from Olaf Martens
http://bugzilla.opensuse.org/show_bug.cgi?id=919194
http://bugzilla.opensuse.org/show_bug.cgi?id=919194#c4
Marcus Rückert
http://bugzilla.opensuse.org/show_bug.cgi?id=919194
http://bugzilla.opensuse.org/show_bug.cgi?id=919194#c6
Marcus Rückert
participants (1)
-
bugzilla_noreply@novell.com