Odd emit when starting amavisd 2.8.0

[Quanah Gibson-Mount]

I just upgraded to amavisd-new 2.8.0, and I see the following emitted when
I start up:

zimbra@zre-ldap002:~$ zmamavisdctl start
Starting amavisd...Amavis::Util: can't obtain a tainted string at
/opt/zimbra/amavisd/sbin/amavisd line 2609.
done.

zimbra@zre-ldap002:~$ echo $?
0

It doesn't appear to stop amavis from running:

zimbra@zre-ldap002:~$ ps -eaf | grep amavis
zimbra 6174 1 0 09:01 ? 00:00:00
/opt/zimbra/amavisd/sbin/amavisd (master)
zimbra 6175 6174 0 09:01 ? 00:00:00
/opt/zimbra/amavisd/sbin/amavisd (virgin child)
zimbra 6176 6174 0 09:01 ? 00:00:00
/opt/zimbra/amavisd/sbin/amavisd (virgin child)
zimbra 6177 6174 0 09:01 ? 00:00:00
/opt/zimbra/amavisd/sbin/amavisd (virgin child)
zimbra 6178 6174 0 09:01 ? 00:00:00
/opt/zimbra/amavisd/sbin/amavisd (virgin child)
zimbra 6179 6174 0 09:01 ? 00:00:00
/opt/zimbra/amavisd/sbin/amavisd (virgin child)
zimbra 6180 6174 0 09:01 ? 00:00:00
/opt/zimbra/amavisd/sbin/amavisd (virgin child)
zimbra 6181 6174 0 09:01 ? 00:00:00
/opt/zimbra/amavisd/sbin/amavisd (virgin child)
zimbra 6182 6174 0 09:01 ? 00:00:00
/opt/zimbra/amavisd/sbin/amavisd (virgin child)
zimbra 6183 6174 0 09:01 ? 00:00:00
/opt/zimbra/amavisd/sbin/amavisd (virgin child)
zimbra 6184 6174 0 09:01 ? 00:00:00
/opt/zimbra/amavisd/sbin/amavisd (virgin child)
zimbra 6195 3166 0 09:01 pts/0 00:00:00 grep amavis


The block in question is:

2602 use vars qw($enc_ascii $enc_utf8 $enc_tainted);
2603 BEGIN {
2604 $enc_ascii = Encode::find_encoding('ascii');
2605 $enc_utf8 = Encode::find_encoding('UTF-8');
2606 $enc_ascii or die "Amavis::Util: unknown encoding 'ascii'";
2607 $enc_utf8 or die "Amavis::Util: unknown encoding 'UTF-8'";
2608 $enc_tainted = substr($ENV{PATH}.$ENV{HOME}, 0,0); # tainted empty
string
2609 tainted($enc_tainted) or warn "Amavis::Util: can't obtain a tainted
string";
2610 1;
2611 }


Any idea what the cause is?

Thanks,
Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration

[Mark Martinec]

Quanah,

> I just upgraded to amavisd-new 2.8.0, and I see the following emitted
> when I start up:
>

> $ zmamavisdctl start
> Starting amavisd...Amavis::Util: can't obtain a tainted string at
> /opt/zimbra/amavisd/sbin/amavisd line 2609.

> The block in question is:

> 2608 $enc_tainted = substr($ENV{PATH}.$ENV{HOME}, 0,0);

> 2609 tainted($enc_tainted) or warn "Amavis::Util: can't obtain a
> tainted string";

> Any idea what the cause is?

Funny. Will investigate when I get home.
It is harmless in itself, but shows that some of the Perl's
taint checks will be less effective. Are you perhaps
removing the -t flag from the first line in a file 'amavisd'?

What version of Perl is this? OS is Linux I presume.

Mark

[Quanah Gibson-Mount]

--On Saturday, July 14, 2012 2:29 PM +0200 Mark Martinec

Yes, we are, although I don't recall the reasons behind it. Something I
inherited. I will see if it is still necessary.

> What version of Perl is this? OS is Linux I presume.

This is perl, v5.10.1 (*) built for x86_64-linux-gnu-thread-multi, Ubuntu
10 LTS

--Quanah

[Quanah Gibson-Mount]

--On Monday, July 16, 2012 10:18 AM -0700 Quanah Gibson-Mount

<qua...@zimbra.com> wrote:

>> Funny. Will investigate when I get home.
>> It is harmless in itself, but shows that some of the Perl's
>> taint checks will be less effective. Are you perhaps
>> removing the -t flag from the first line in a file 'amavisd'?
>
> Yes, we are, although I don't recall the reasons behind it. Something I
> inherited. I will see if it is still necessary.

Removing taint was due to the fact we set PERL5LIB so that amavisd can find
the modules we ship. PERL5LIB varies depending on OS.

As an improved solution, I've instead made it so that amavisd now untaints
perl5lib:

use lib $ENV{PERL5LIB} =~ /([^:]+)/g;

and re-enabled taint. It appears to run just fine with that solution in
place.