Re: [Exim] potential security issue in Exim user filters?

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Philip Hazel
Date:  
À: Matt Bernstein
CC: exim-users
Sujet: Re: [Exim] potential security issue in Exim user filters?
On Thu, 8 Mar 2001, Matt Bernstein wrote:

> If a user filter file contains a vacation command (or a mail.. expand
> file.. command), the expansions are allowed to perform lookups, eg:
>    ${lookup{powerusers}nis{netgroup}}
> Would I be correct in assuming this applies to SQL etc lookups too?


Yes.

> I'd like to enable expand for my users, but not allow this sort of thing!


RTFM forbid_filter_lookup.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.