Re: [exim] Another strange log about tainting

Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] Another strange log about tainting
On 11/12/2019 00:51, Ian Zimmerman via Exim-users wrote:
> I see now - I call expand_string programmatically in my dlexpand
> modules.
>
> So, next question: is the result of expand_string _always_ tainted?


No. Taint should only attach to information from the external
input. However, for dlexpand code it's up to the coder to
manage this since the implementation works by using
differently-tagged memory for tainted/untainted values. "Manage" here
means: use the right sort of memory for the info you're
putting in it. You can compromise the tainting protection if
you get it wrong.

Memory gotten with a taint flag set is tainted, and attempts
to further expand strings in such memory get trapped
(with that error message you saw). All other memory (either gotten with
the taint arg false, or stack-autos, or globals... whatever) is
supposed to be untainted. If something goes wrong with that it's
a bug.

So: what sort of memory were you expanding, and what string was in it
(just "${exim_version}" ? That plus something else (what)? )?

> And
> is there a way to get the version _at run time_ in some other way?


Using $variables _is_ the way.
--
Cheers,
Jeremy
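
A toy model of the mechanism described in the message above, added here as an illustration; it is not Exim code and not part of the original post. All names (`pool_get`, `pool_copy`, `is_tainted_ptr`, `toy_expand`) and the version string are hypothetical; the point is that taint follows the memory a string lives in, so putting external data in the wrong kind of memory defeats the check.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model (not Exim source): two arenas stand in for tagged memory. */
static char clean_pool[4096], taint_pool[4096];
static size_t clean_used, taint_used;

/* Hypothetical allocator: the caller declares whether the data is external. */
static char *pool_get(size_t n, int tainted) {
    char *base = tainted ? taint_pool : clean_pool;
    size_t *used = tainted ? &taint_used : &clean_used;
    if (n > sizeof clean_pool - *used) return NULL;
    char *p = base + *used;
    *used += n;
    return p;
}

/* Taint is a property of where the bytes live, not of what they contain. */
static int is_tainted_ptr(const char *p) {
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)taint_pool;
    return a >= lo && a < lo + sizeof taint_pool;
}

static char *pool_copy(const char *s, int tainted) {
    char *p = pool_get(strlen(s) + 1, tainted);
    if (p) strcpy(p, s);
    return p;
}

/* Hypothetical expander: knows only "${version}", refuses tainted templates. */
static char *toy_expand(const char *tmpl) {
    if (is_tainted_ptr(tmpl)) return NULL;            /* trapped */
    const char *var = strstr(tmpl, "${version}");
    if (!var) return pool_copy(tmpl, 0);
    size_t cap = strlen(tmpl) + 1;  /* "1.0-demo" is shorter than "${version}" */
    char *out = pool_get(cap, 0);
    if (out) snprintf(out, cap, "%.*s1.0-demo%s", (int)(var - tmpl), tmpl, var + 10);
    return out;
}

int main(void) {
    const char *external = "${version}";          /* constructed "external" input */
    char *right = pool_copy(external, 1);         /* correct: tainted memory */
    char *wrong = pool_copy(external, 0);         /* mistake: untainted memory */
    printf("literal:        %s\n", toy_expand("exim ${version}"));
    printf("tainted copy:   %s\n", toy_expand(right) ? "expanded" : "refused");
    printf("untainted copy: %s\n", toy_expand(wrong) ? "expanded" : "refused");
    return 0;
}
```

The third line of output shows the failure mode: the same external bytes, once copied into untainted memory, are expanded without complaint.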