Re: [exim] Sieve filters broken due to tainted expansions?

Author: Andrew C Aitchison
Date:  
To: Tobias Klausmann
CC: exim-users
Subject: Re: [exim] Sieve filters broken due to tainted expansions?
On Tue, 7 Jan 2020, Tobias Klausmann via Exim-users wrote:

> Hey,
>
> I'm running exim in this configuration:
>
> 17:28:39 64561 Exim version 4.93.0.3 uid=0 gid=0 pid=64561 D=fff9ffff
> Support for: crypteq iconv() IPv6 PAM Perl TCPwrappers OpenSSL Content_Scanning DANE DKIM DNSSEC Event I18N OCSP PRDR TCP_Fast_Open
> Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch passwd
> Authenticators: cram_md5 cyrus_sasl plaintext spa
> Routers: accept dnslookup ipliteral manualroute queryprogram redirect
> Transports: appendfile/maildir/mailstore autoreply pipe smtp
> Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline
> Fixed never_users: 0
> Configure owner: 0:0
> Size of off_t: 8
> Compiler: GCC [9.2.0]
> Library version: Glibc: Compile: 2.30
>                        Runtime: 2.30
> Library version: BDB: Compile: Berkeley DB 5.3.28: (September  9, 2013)
>                      Runtime: Berkeley DB 5.3.28: (September  9, 2013)
> Library version: OpenSSL: Compile: OpenSSL 1.1.1d  10 Sep 2019
>                          Runtime: OpenSSL 1.1.1d  10 Sep 2019
>                                 : built on: Tue Dec  3 18:07:39 2019 UTC
> Library version: IDN2: Compile: 2.3.0
>                       Runtime: 2.3.0
> Library version: Stringprep: Compile: 1.35
>                             Runtime: 1.35
> Library version: Cyrus SASL: Compile: 2.1.27
>                             Runtime: 2.1.27 [Cyrus SASL]
> Library version: PCRE: Compile: 8.43
>                       Runtime: 8.43 2019-02-23

>
> I have a special user router setup:
>
>  extension_user_delivery_f:
>    driver = redirect
>    local_part_suffix = -*
>    require_files =  /home/$local_part/.mail-extensions:/home/$local_part/.forward
>    condition = ${lookup{$local_part_suffix}lsearch{/home/$local_part/.mail-extensions}{yes}{no}}
>    user=$local_part
>    check_ancestor
>    file = /home/$local_part/.forward
>    allow_filter
>    allow_fail
>    verify=false
>    file_transport = address_file
>    pipe_transport = address_pipe
>    reply_transport = address_reply


I see from your latest message that
     /home/$local_part/... is tainted.
Would using $home - and check_local_user to set it - do what you need?


-- 
Andrew C. Aitchison                    Kendal, UK
             andrew@???
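
The suggestion in the reply above, written out as a router. This is an added example, not configuration posted by either participant; it assumes the recipients are local accounts whose home directory in the password database is the same /home/<user> path the quoted router built by hand.

```exim
# Added example (not from the thread): the quoted router rewritten to use $home.
# Assumption: every recipient is a local account whose passwd home directory
# is the /home/<user> path that the original router assembled from $local_part.
extension_user_delivery_f:
  driver = redirect
  local_part_suffix = -*
  # Looks up the local part (suffix already removed) in the password database.
  # The router declines if there is no such account. On a match, $home holds
  # the account's home directory: a value taken from passwd, not from the
  # message, so file names built from it do not carry recipient-supplied text.
  check_local_user
  require_files = $home/.mail-extensions:$home/.forward
  # The lookup key may still come from the address; only the file name
  # has to be built from trusted data.
  condition = ${lookup{$local_part_suffix}lsearch{$home/.mail-extensions}{yes}{no}}
  # "user = $local_part" is dropped: with check_local_user the uid and gid of
  # the matched account are the defaults for this router.
  check_ancestor
  file = $home/.forward
  allow_filter
  allow_fail
  verify = false
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply
```

One behavioural difference from the quoted router: a local part that has files under /home but no passwd entry is no longer handled here and falls through to the next router.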