On Jun 28, 2000 Jonathan Haynes <J.Haynes@???> wrote:
> On Wed, 28 Jun 2000 15:35:14 +0100 (BST) Philip Hazel
> <ph10@???> wrote:
> > > > require_files = TABLES/forwardfiles/${local_part}.response
> > Consider what happens if ${local_part} ends up containing a colon.
> Give that man a beer!!
OK. So now the JRH can put in a condition something like
condition = "${if match{$local_part}{:}fail}
in the director (I suspect I have that wrong, but a bit of playing with
expansions should do it). But is that an time to ask for another feature,
like
require_file_nolist
which is exactly like require_files, but will not be treated as a colon
separated list.
I know that this is obscure, but someone could use that director and
problem to test the existence of files on the system by sending mail to
:/file/to/test@???
and might get a 4xx if the file doesn't exist and an unknown user if the
file does exist. (Actually, I'm not certain of that as the particular
director that has this require_files would get triggered and would
probably break in otherways here.)
In general this is a warning that we should all look through our
configs for all expansions of sender generated strings and see whether
anyone can do anything nasty by sending something pathological.
-j
--
Jeffrey Goldberg
Note: I am moving and changing many addresses, please see
http://www.goldmark.org/jeff/contact.html
Relativism is the triumph of convention over truth, authority over justice
