Re: [Exim] potential security issue in Exim user filters?

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Philip Hazel
Data:  
Para: Matt Bernstein
CC: exim-users
Asunto: Re: [Exim] potential security issue in Exim user filters?
On Thu, 8 Mar 2001, Matt Bernstein wrote:

> If a user filter file contains a vacation command (or a mail.. expand
> file.. command), the expansions are allowed to perform lookups, eg:
>    ${lookup{powerusers}nis{netgroup}}
> Would I be correct in assuming this applies to SQL etc lookups too?


Yes.

> I'd like to enable expand for my users, but not allow this sort of thing!


RTFM forbid_filter_lookup.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.