[Bug 149698] New: kmail_clamav.sh tempfile not accessible to clamd
Mark Atkinson
kde at mark-atkinson.co.uk
Sun Sep 9 11:59:42 BST 2007
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
http://bugs.kde.org/show_bug.cgi?id=149698
Summary: kmail_clamav.sh tempfile not accessible to clamd
Product: kmail
Version: 1.9.6
Platform: Mandriva RPMs
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: NOR
Component: general
AssignedTo: kdepim-bugs kde org
ReportedBy: kde mark-atkinson co uk
Version: 1.9.6 (using KDE KDE 3.5.6)
Installed from: Mandriva RPMs
OS: Linux
The TEMPFILE created to allow clamd to analyse an email is not accessible to clamd. Mandriva added something similar to the bugfix 86090 but it did not take into account that the first line would succeed but still not be accessible to clamd as sole user clamav. On my system $TMPDIR is set to $HOME/tmp. So with the following I get a temporary file in $HOME/tmp that becomes world readable (-rw-r--r--) before the scan but $HOME/tmp itself is drw-------.
TEMPFILE=`mktemp`
if [ $? != 0 ] ; then
TEMPFILE=`mktemp /tmp/kmail.XXXXXX`
fi
In some cases I received an lstat() error other times an Access Permission denied message when run from the console.
Presently, I think there is little alternative to creating the temp file in /tmp. I am of course asking another user (ClamAV) to scan my temporary file so it seems kosher. Is there an efficient test one user can do to ensure another user can access a file?
In lieu of that I suggest we adopt the following as the default.
TEMPFILE=`mktemp /tmp/kmail.XXXXXX`
Alternatively, provide the tempfile directory location as an input parameter for those with particular needs.
More information about the Kdepim-bugs
mailing list