Subject: Re: Insecure dependency in eval
To: Martti Kuparinen <firstname.lastname@example.org>
From: Roland Illig <rillig@NetBSD.org>
Date: 11/22/2005 11:40:56
Roland Illig wrote:
> Martti Kuparinen wrote:
>> Any ideas what this is?
>> Unusual System Events
>> Nov 22 04:26:36 p130 spamd: spamd: Insecure dependency in eval
>> while running setuid at
>> line 913.
> The code there looks quite ugly, but _seems_ secure to me (I'll continue
> trying). It tries to distinguish a "safe" regular expression from a
> non-safe, while not adhering to the coding guidelines for Perl's tainted
> mode at all.
> You should report this as an upstream bug.
I have just committed a fix (it's patch-ar) and bumped the PKGREVISION.