On Thu, 25 Jul 2019, Russell King via Exim-users wrote:
> On Thu, Jul 25, 2019 at 10:04:19AM +0100, Jeremy Harris via Exim-users wrote:
>> If the effective configuration file for exim does not use sort
>> then the system is trivially declarable as not being vulnerable.
>> Use this command to check: "exim -bP config | grep sort".
>
> The grep expression seems to be a bit over-zealous - it'll pick up
> on, e.g., "remote_sort_domains" rather than just the sort expansion
> operator. Or is "remote_sort_domains" also implicated?
>
> If it's just the ${sort operator you're after, I think you want the
> grep to be:
>
> grep '\${[[:space:]]*sort'
>
> ?
I read "trivially declarable as not being vulnerable" as saying that
failing the grep test was a necessary but not sufficient condition
for being exploitable,. ie:
If there is no "sort" in your running config you are safe.
If "sort" *is* present, then you need to engage brain ...
Your test *may* be precise and accurate, but without further research
Jeremy may not have been able to be sure that it would work on all
platforms ...
