Cygwin, win98, SA, Perl IO::Socket (Insecure dependency)

Bryan Hoover bhoover@wecs.com
Sun Jan 25 18:17:00 GMT 2004


"Gerrit P. Haase" wrote:
> 
> Hallo Bryan,
> 
> have you already asked the SpamAssasin developers?  Have they any
> idea?  At least they should know best why it behaves different for
> similar headers with another domain.

Mmm.  I suppose that's a fair question.  

Only it's not really SA that's behaving differently -- SA's not throwing
the taint exception, Net::DNS is.  But it's only happenning on Cygwin.

At least that's my thinking so far.  I was hoping someone here might
have some insight, or prior knowledge about it.

It sounds like one of those CRLF - DOS; LF - Unix things, but I
inspected the file with a hex editor.  I get the same results whether in
binary (LF only) or text format (CRLF).

Mmm.  I suppose it could be Perl IO::Socket reading something that's
tripping the error, but then, would that be a Cygwin, Perl problem? 
That is, it could be something either of these is doing with regards to
windows/unix IO differences, in which case, it'd seem to me to be a
Cygwin problem, 'cause such should be seamless -- should behave like
Unix, and I'm not seeing the problem on FreeBSD.

The FreeBSD site is running Perl 5.8.0 -- don't know if that's a problem
for Cygwin on Win98 SE, but I suppose I could test that aspect too.

Bryan

> Gerrit
> 
> Am Sonntag, 25. Januar 2004 um 05:46 schriebst du:
> 
> > Greetings,
> 
> > Not sure where to go for help with this.  I've googled, and searched
> > newsgroups relative to Cygwin, Perl, and of course, SpamAssassin, to no
> > avail, though I know it's quite possible this problem's aready been
> > touched on...
> 
> > Running SpamAssassin 2.63, on Cygwin (latest dll (and previous), version
> > 1.5.6-1), with win98, Perl 5.8.2, Net::DNS .45, I'm getting:
> 
> > Failed to run NO_DNS_FOR_FROM SpamAssassin test, skipping:
> >         (Insecure dependency in connect while running with -T switch at
> > /usr/lib/perl5/5.8.2/cygwin-thread-multi-64int/IO/Socket.pm line 114.
> > )
> 
> > Note, this is not the Razor related problem.  I'm not running Razor on
> > the above system.
> 
> > The strange thing is, this error is only triggered with certain Reply-To
> > or From header values in the email on which I run SpamAssassin (SA uses
> > one or the other, in that order).  For instance, if change the input
> > email so that the From, or Reply-to header value is, say test@yahoo.com,
> > all goes well.
> 
> > The error is triggered on domain, customoffers.com, and this, on my
> > system as described above, is faithfully reproducible.
> 
> > Though the Net::DNS demos, mx, perldig, both return good results -- 24
> > mx records, just as that returned when I run SA with the same email
> > message on my ISP's freeBSD server.
> 
> > I've tried playing with SA's input to Net::DNS::mx -- the call
> > originates in SA's EvalTests.pm, in sub check_for_from_dns:
> 
> > my @mx = Net::DNS::mx($self->{res}, $from);
> 
> > -- untainting $from, though it was already assigned the $1 resulting
> > from a regular expression used to remove the email address before, and
> > including the @ symbol -- to get customoffers.com.
> 
> > I also changed EvalTests' parameters to mx, passing in string literals,
> > and that's about where I discovered that it didn't have any problems
> > with other addresses -- just the customoffers.com address.  The error
> > was returned regardless of whether customoffers.com was a literal, and
> > even if I removed the $self->(res) resolver parameter entirely -- which
> > mx will compensate for by simply creating a resolver of its own.
> 
> > I've also tried different versions of SA 2.60, 2.61, with the same
> > results.
> 
> > SA has no problem with this email on freeBSD, and mx, and perldig on
> > Cygwin are Okay with it too.  So I'm having trouble pinning down the
> > problem here.
> 
> > I must admit that I'm relatively new with regards to the internals, and
> > such, of the programatic, system elements involved here.  That said, as
> > near as I can tell, there appears to be a problem.  Any help much
> > appreciated.
> 
> > I've attached the associated spam email, in case of interest.
> 
> > Bryan
> 
> --
> =^..^=

-- 
As a rule I sit quite still, but whenever I move I make a huge leap to
the horror of all those to whom I am bound by the tender bonds of
kinship and friendship. - (Soren Kierkegaard - Either/Or)

http://www.wecs.com/content.htm

This signature file is generated by Pick-a-Tag !
Written by Jeroen van Vaarsel
http://www.google.com/search?hl=en&ie=ISO-8859-1&q=pick-a-tag


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/



More information about the Cygwin mailing list