Re: [Exim] potential security issue in Exim user filters?

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MMatt Bernstein at <-
MMatt Bernstein at ->
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: Matt Bernstein
CC: exim-users
Subject: Re: [Exim] potential security issue in Exim user filters?
On Thu, 8 Mar 2001, Matt Bernstein wrote: 

> If a user filter file contains a vacation command (or a mail.. expand
> file.. command), the expansions are allowed to perform lookups, eg:
>    ${lookup{powerusers}nis{netgroup}}
> Would I be correct in assuming this applies to SQL etc lookups too?

Yes.

> I'd like to enable expand for my users, but not allow this sort of thing!

RTFM forbid_filter_lookup. 

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.




This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] over-quota delivery failure textRe: [Exim] Ldap servers->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)