Re: [exim] Sieve filters broken due to tainted expansions?

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Tobias Klausmann
Datum:  
To: exim-users
Betreff: Re: [exim] Sieve filters broken due to tainted expansions?
Hi!

On Wed, 08 Jan 2020, Andrew C Aitchison wrote:
> On Wed, 8 Jan 2020, Tobias Klausmann via Exim-users wrote:
> >     user=$local_part
> >     verify=false
> >     transport = local_delivery

>
> If you have check_local_user you shouldn't need user=$local_part as well.


Ah, good point, thanks.
>
> > And this seems to work. I'll test it for a bit and report back.
> >
> > Is the use of $local_part in the transports seen as safe, or
> > should I cange those to use $home as well?
>
> On principle I would say change them too.
> If $home and /home/$local_part are different directories which do you want ?
> The one from the password file/database or the one derived from the
> potential hacker's input ?
> If /home fills up and you put a new user on a different
> disk/partition/volume $home will still work, but /home/$local_part
> would need attention ...


Yeah, you're right. I presume I need no extra steps for $home
being defined in the context of the transports?

Best,
Tobias