Re: [exim] Quoting questions

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MSteffen Heil (Mailinglisten) at <-
MPhil Pennock at ->
Delete this message
Reply to this message
Author: Steffen Heil (Mailinglisten)
Date:  
To: exim-users@exim.org
Subject: Re: [exim] Quoting questions
Hi

> 1) address_data = ${lookup{$local_part@$domain}lsearch*@{FILE
> }{$value}fail}
> 2) server_secret =
${extract{pass}{${lookup{$1}lsearch{FILE}{$value}fail}}}
> 3) server_condition = "${if
> eq{$2}{${extract{pass}{${lookup{$1}lsearch{FILE}{$value}fail}}}}{1}{0}}"
> 4) driver = redirect data = ${expand:${extract{forward}{$address_data}}}

Sorry, I forgot one case:

5) driver = pipe command = /folder/${extract{trigger}{$address_data}}.sh
${extract{trigger_param}{$address_data}{$value}{}}

While I know that "trigger" will always contain safe data, I cannot be sure
about trigger_param.
I am not using a shell from the exim side, but the targets are .sh-scripts,
implicitly invoking a shell.

What do I have to do to make those arguments safe?
Against exim string expansion and against shell expansion (I am not sure, if
it applies in this scenario anyways).

Regards,
Steffen

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Quoting questionsRe: [exim] General protection error->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)