Re: [exim] Sieve filters broken due to tainted expansions?

Top Page
Delete this message
Reply to this message
Author: Andrew C Aitchison
Date:  
To: Tobias Klausmann
CC: exim-users
Subject: Re: [exim] Sieve filters broken due to tainted expansions?
On Wed, 8 Jan 2020, Tobias Klausmann via Exim-users wrote:

> Hi!
>
> On Wed, 08 Jan 2020, Andrew C Aitchison via Exim-users wrote:
>> I see from your latest message that
>>      /home/$local_part/... is tainted.
>> Would using $home - and check_local_user to set it - do what you need ?

>
> Indeed that seems to work. I change the earlier config thus:
>
>  $ diff -Naur exim-old.conf exim.conf
>  --- exim-old.conf       2020-01-08 10:02:17.450333630 +0100
>  +++ exim.conf   2020-01-08 10:01:33.290288221 +0100
>  @@ -103,18 +103,20 @@
>   extension_user_verify:
>     driver = accept
>     local_part_suffix = -*
>  -  require_files = /home/$local_part/.mail-extensions
>  +  require_files = $home/.mail-extensions
>     verify_only
>  -  condition = ${lookup{$local_part_suffix}lsearch{/home/$local_part/.mail-extensions}{yes}{no}}
>  +  check_local_user
>  +  condition = ${lookup{$local_part_suffix}lsearch{$home/.mail-extensions}{yes}{no}}

>
>   extension_user_delivery_f:
>     driver = redirect
>  +  check_local_user
>     local_part_suffix = -*
>  -  require_files =  /home/$local_part/.mail-extensions:/home/$local_part/.forward
>  -  condition = ${lookup{$local_part_suffix}lsearch{/home/$local_part/.mail-extensions}{yes}{no}}
>  +  require_files =  $home/.mail-extensions:$home/.forward
>  +  condition = ${lookup{$local_part_suffix}lsearch{$home/.mail-extensions}{yes}{no}}
>     user=$local_part
>     check_ancestor
>  -  file = /home/$local_part/.forward
>  +  file = $home/.forward
>     allow_filter
>     allow_fail
>     verify=false
>  @@ -125,8 +127,9 @@
>   extension_user_delivery:
>     driver = accept
>     local_part_suffix = -*
>  -  require_files =  /home/$local_part/.mail-extensions
>  -  condition = ${lookup{$local_part_suffix}lsearch{/home/$local_part/.mail-extensions}{yes}{no}}
>  +  check_local_user
>  +  require_files =  $home/.mail-extensions
>  +  condition = ${lookup{$local_part_suffix}lsearch{$home/.mail-extensions}{yes}{no}}
>     user=$local_part
>     verify=false
>     transport = local_delivery


If you have check_local_user you shouldn't need user=$local_part as well.

> And this seems to work. I'll test it for a bit and report back.
>
> Is the use of $local_part in the transports seen as safe, or
> should I cange those to use $home as well?


On principle I would say change them too.
If $home and /home/$local_part are different directories which do you want ?
The one from the password file/database or the one derived from the
potential hacker's input ?
If /home fills up and you put a new user on a different
disk/partition/volume $home will still work, but /home/$local_part
would need attention ...

-- 
Andrew C. Aitchison                    Kendal, UK
             andrew@???