[Exim] potential security issue in Exim user filters?

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Matt Bernstein
Datum:  
To: exim-users
Betreff: [Exim] potential security issue in Exim user filters?
If a user filter file contains a vacation command (or a mail.. expand
file.. command), the expansions are allowed to perform lookups, eg:
    ${lookup{powerusers}nis{netgroup}}
Would I be correct in assuming this applies to SQL etc lookups too?
I'd like to enable expand for my users, but not allow this sort of thing!


Matt (about to re-subscribe now he's got Exim working in his new job :)