[exim] How to safely use user supplied files in lists (looku…

Author: Lutz Preßler
Date:  
To: exim-users
Subject: [exim] How to safely use user supplied files in lists (lookup usage)?
Hello,

if one wants to use the features accessible with inclusion
of lines from files as list items (wildcarding, regular expressions,
maybe reference of named lists, other special elements),
one in general cannot use an lsearch-type lookup instead.

This is a problem if those files are user supplied data
(e.g. they are some kind of white list with sender addresses)
though, because it's possible to use lookups as items.

Through this feature one can indirectly access other
local files (restricted by OS access control, of course,
but that may not be enough) and with query type lookups
maybe do more than intended in other ways.

Apart from checking the file in the user interface before
exim accesses it, do you see another way to handle this "hole"?

Would a feature to disable certain features (lookups,
reference to named lists) when accessing files as list items
be sensible (like the forbid_filter_* options of the
redirect router)?

(The same situation exists with lookups in local parts
of the @@lookup construct.)


Lutz

-- 
Lutz Preßler  <Lutz.Pressler@???>    http://www.SerNet.DE/
SerNet Service Network GmbH, Bahnhofsallee 1b, D-37081 Göttingen
Tel.: +49-551-370000-2,      FAX: +49-551-370000-9
AG Göttingen, HRB 2816,      GF: Dr. Johannes Loxen
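
Added example, not part of the original message and not Exim code: a sketch of the pre-check the message mentions ("checking the file in the user interface before exim accesses it"). It accepts literal or wildcarded addresses and `^` regular expressions and refuses lines that would be read as lookups, named list references, `@@` items or file names. The function names, the accepted address pattern, the comment handling and the sample data are assumptions made for illustration.

```python
import re

# Assumed policy: literal or wildcarded address (user@domain, *@domain, *@*.domain)
PLAIN = re.compile(r"^(\*|\w[\w.%+=-]*)@(\*\.)?[\w-]+(\.[\w-]+)*$", re.ASCII)

def classify(item):
    """Return the kind of list item a single line would be treated as."""
    if item.startswith("!"):            # negation prefix, look at the rest
        item = item[1:].lstrip()
    if item.startswith("@@"):
        return "local-part-lookup"      # the @@lookup construct
    if item.startswith("+"):
        return "named-list"             # +listname reference
    if item.startswith("/"):
        return "file"                   # file name used as an item
    if ";" in item:                     # tested before "^" so that anything
        return "lookup"                 # with a semicolon is refused
    if item.startswith("^"):
        return "regex"
    if PLAIN.match(item):
        return "plain"
    return "unrecognised"

def rejected_lines(text, allowed=("plain", "regex")):
    """List (line number, kind, item) for every line outside the policy."""
    bad = []
    for no, line in enumerate(text.splitlines(), 1):
        # Assumed comment rule: "#" at line start or after white space
        item = re.sub(r"(^|\s)#.*$", "", line).strip()
        if not item:
            continue
        if (kind := classify(item)) not in allowed:
            bad.append((no, kind, item))
    return bad

# Constructed sample of a user-uploaded sender whitelist.
SAMPLE = """\
# my friends
alice@example.org
*@*.example.net
^.*-owner@lists\\.example$
lsearch;/some/other/file
+local_senders
@@dbm;/some/other/db
!bob@example.com   # negated plain item
"""

if __name__ == "__main__":
    for no, kind, item in rejected_lines(SAMPLE):
        print(f"line {no}: {kind}: {item}")
```

The check is an allowlist: anything that is not recognised is refused rather than passed through.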