Re: [exim] Sieve filters broken due to tainted expansions?

Author: Michael Haardt
Date:
To: Jeremy Harris via Exim-users
Subject: Re: [exim] Sieve filters broken due to tainted expansions?
> ChangeLog, 4.93 :-
>
> JH/32
> Introduce a general tainting mechanism for values read from the input
> channel, and values derived from them.  Refuse to expand any tainted
> values, to catch one form of exploit.


Ok, so the problem was not in Sieve operation itself, but in the fact that
a Sieve script was read (expanded) from a path that contained $local_part?
If so, why was the script executed?

What's the suggested way to do that for virtual domains, that is many
mailboxes that all belong to the same local user, and which are not
obtained through a lookup, but through the filesystem itself?

Michael