Re: [exim] Another strange log about tainting

Etusivu
Tämä viesti kuuluu seuraavaan säikeeseen:
MNäytä säikeen viestit aikajärjestyksessä
MIan Zimmerman <-
MIan Zimmerman ->
Poista viesti
Vastaa
Lähettäjä: Jeremy Harris
Päiväys:  
Vastaanottaja: exim-users
Aihe: Re: [exim] Another strange log about tainting
On 11/12/2019 00:51, Ian Zimmerman via Exim-users wrote:
> I see now - I call expand_string programatically in my dlexpand
> modules.
>
> So, next question: is the result of expand_string _always_ tainted?

No. Taint should only attach to information from the external
input. However, for dlexpand code it's up to the coder to
manage this since the implementation works by using differently-
tagged memory for tainted/untaintated values. "Manage" here
means: use the right sort of memory for the info you're
putting in it. You can compromise the tainting protection if
you get it wrong.

Memory gotten with a taint flag set is tainted, and attempts
to further expand strings in such memory gets trapped
(with that error message you saw). All other memory (ether gotten with
the taint arg false, or stack-autos, or globals... whatever) is
supposed to be untainted. If something goes wrong with that it's
a bug.

So: what sort of memory were you expanding, and what string was in it
(just "${exim_version}" ? That plus something else (what)? )?

> And
> is there a way to get the version _at run time_ in some other way?

Using $variables _is_ the way.
--
Cheers,
Jeremy

Viesti on lähetetty seuraaville postituslistoille:
Exim-users
Tietoa listasta | Läheiset viestit		<-[exim] eximon 4.93 fails on startupRe: [exim] eximon 4.93 fails on startup->
Tahini and Hummus and Cumin Development Archives ylläpitäjä cumin AdminsLurker (versio 2.3)