[Exim] potential security issue in Exim user filters?

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M 
MPhilip Hazel at ->
Delete this message
Reply to this message
Author: Matt Bernstein
Date:  
To: exim-users
Subject: [Exim] potential security issue in Exim user filters?
If a user filter file contains a vacation command (or a mail.. expand
file.. command), the expansions are allowed to perform lookups, eg:
    ${lookup{powerusers}nis{netgroup}}
Would I be correct in assuming this applies to SQL etc lookups too?
I'd like to enable expand for my users, but not allow this sort of thing!


Matt (about to re-subscribe now he's got Exim working in his new job :)



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] Format error in spool fileRe: [Exim] Format error in spool file->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)