Keeping current with SpamAssassin rules
Posted Dec 7, 2006 12:16 UTC (Thu) by NAR
Parent article: Keeping current with SpamAssassin rules
More worrisome, however, is the fact that the update mechanism allows for plugins to be distributed, leading to potential arbitrary code execution.
I guess it's true for all kind automated updating of software from non-trustworthy places, not just SA plugins written in perl. I mean if I'd have an "apt-get update; apt-get upgrade -y" from cron and one of the sites listed in the sources.list file is compromised, I could have a similar problem, a trojan sshd or something like that.
to post comments)