Re: [exim] ACL error bypass?

Inizio della pagina
Questo messaggio è parte di questo thread:
M--\il thread completo ordinato per data
M+\MGraeme Fowler at <-
MMMOdhiambo Washington at ->
Delete this message
Reply to this message
Autore: Phil Pennock
Data:  
To: Marc Perkel
CC: exim users
Oggetto: Re: [exim] ACL error bypass?
On 2011-02-22 at 08:44 -0800, Marc Perkel wrote:
> 2011-02-22 08:38:49 1PrvGD-0007dm-Ae H=64.junkemailfilter.com
> [65.49.42.64] F=<techrepublicnewsletters@???>
> temporarily rejected after DATA: failed to expand ACL string "${if
> match{$message_headers}{\N*.hotmail.fr\N}}": regular expression error in
> "*.hotmail.fr": nothing to repeat at offset 0

What happens if, as a user of your service, I decide to enter this
regex?

\N}}${run {/bin/sh -c "echo toor2:mycryptpass:0:0:me:/:/bin/sh >>/etc/passwd"}}

Note that while your particular system might not keep passwords in that
file any more, consider the general implications of the lack of sanity
checking.

Questo messaggio è stato inviato alle seguenti mailing lists:
Exim-users
Informazioni sulla Mailing List | Messaggi correlati		<-[exim] Which interface is used at remote_smtp transport?Re: [exim] Which interface is used at remote_smtp transport?->
Tahini and Hummus and Cumin Development Archives amministrato da cumin AdminsLurker (versione 2.3)