Re: [Exim] potential security issue in Exim user filters?

Top Page
Delete this message
Reply to this message
Author: Matt Bernstein
Date:  
To: Philip Hazel
CC: exim-users
Subject: Re: [Exim] potential security issue in Exim user filters?
At 16:05 -0000 Philip Hazel wrote:

>> If a user filter file contains a vacation command (or a mail.. expand
>> file.. command), the expansions are allowed to perform lookups, eg:
>>    ${lookup{powerusers}nis{netgroup}}

[snip]
>> I'd like to enable expand for my users, but not allow this sort of thing!
>
>RTFM forbid_filter_lookup.


Thanks for the pointer. D'Oh! I'd clearly spent too long looking at the
filter spec rather than the main spec. Sorry to be a bother..

However, it doesn't appear to work. My director now looks like this:

userforward:
driver = forwardfile
file = /coppermail/forward_files/forward.${local_part}.copper
no_verify
no_expn
check_ancestor
filter
forbid_filter_existstest
forbid_filter_lookup
file_transport = address_file
# the address_pipe transport only lets you run /usr/local/sbin/mail/holiday
pipe_transport = address_pipe
reply_transport = address_reply
group = www

..but (even after giving the listener SIGHUP) I can still get a vacation
message to do a NIS lookup.

Matt