[exim-dev] [Bug 2118] sendmail -be and ${run} macro security…

Top Page
Delete this message
Reply to this message
Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2118] sendmail -be and ${run} macro security problem
https://bugs.exim.org/show_bug.cgi?id=2118

Florian Weimer <fw@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fw@???


--- Comment #6 from Florian Weimer <fw@???> ---
Maybe it would be possible to avoid accepting further command line arguments
after “-f“, but that doesn't seem sufficiently backwards-compatible.

However, it's not clear what performs the token splitting of the “-f” argument
here. There's clearly a very significant bug in there somewhere in the stack.
It's also rather strange that something would pass the “Host:” header contents
unchanged to a sendmail invocation, even if it were a valid domain.

On the other hand, Exim already supports the “--” option list terminator, so
PHP (or whatever calls the sendmail program) just needs to follow recommend
practices for constructing command lines:

https://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Processes.html#idm225434989808
(Robust argument list processing)

--
You are receiving this mail because:
You are on the CC list for the bug.