[Exim] potential security issue in Exim user filters?

Pàgina inicial
Delete this message
Reply to this message
Autor: Matt Bernstein
Data:  
A: exim-users
Assumpte: [Exim] potential security issue in Exim user filters?
If a user filter file contains a vacation command (or a mail.. expand
file.. command), the expansions are allowed to perform lookups, eg:
    ${lookup{powerusers}nis{netgroup}}
Would I be correct in assuming this applies to SQL etc lookups too?
I'd like to enable expand for my users, but not allow this sort of thing!


Matt (about to re-subscribe now he's got Exim working in his new job :)