Re: [Exim] potential security issue in Exim user filters?

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Philip Hazel
Ημερομηνία:  
Προς: Matt Bernstein
Υ/ο: exim-users
Αντικείμενο: Re: [Exim] potential security issue in Exim user filters?
On Thu, 8 Mar 2001, Matt Bernstein wrote:

> If a user filter file contains a vacation command (or a mail.. expand
> file.. command), the expansions are allowed to perform lookups, eg:
>    ${lookup{powerusers}nis{netgroup}}
> Would I be correct in assuming this applies to SQL etc lookups too?


Yes.

> I'd like to enable expand for my users, but not allow this sort of thing!


RTFM forbid_filter_lookup.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.