On 09/01/2020 19:52, Michael Haardt via Exim-users wrote:
>> ChangeLog, 4.93 :-
>>
>> JH/32
>> Introduce a general tainting mechanism for values read from the input
>> channel, and values derived from them. Refuse to expand any tainted
>> values, to catch one form of exploit.
>
> Ok, so the problem was not in Sieve operation itself, but in the fact that
> a Sieve script was read (expanded) from a path that contained $local_part?
> If so, why was the script executed?

That's a stage of enforcement yet to be implemented. Perhaps next
release. Currently, only explicit expansions have the enforcement
but it needs extending to implicit ones also.

> What's the suggested way to do that for virtual domains, that is many
> mailboxes that all belong to the same local user, and which are not
> obtained through a lookup, but through the filesystem itself?

The result of a lookup is untainted, and will likely remain so
(even if the key for the lookup is tainted, e.g. $local_part).
So whatever you're doing now should still work, so long as you
don't name the DB for the lookup using tainted data.

--
Cheers,
Jeremy
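
The rule in the reply above, shown for a filesystem-based virtual-domain layout. This is an added illustration, not part of the original message or Exim's own documentation. The directory layout, router names, the `virtual_domains` domain list and the `vmail` user are assumptions; the fragment uses Exim's `dsearch` lookup so that the address parts serve only as lookup keys.

```conf
# Constructed example.
# Assumed layout: /var/mail/vhosts/<domain>/<mailbox>/.filter

# Weak: $domain and $local_part are read from the input channel, so the
# file path is built from tainted data.
vfilter_tainted:
  driver = redirect
  domains = +virtual_domains
  file = /var/mail/vhosts/$domain/$local_part/.filter
  allow_filter
  user = vmail
  no_verify

# Corrected: the tainted values are used only as dsearch keys. The
# directory searched at the top level is a fixed string, and the lookup
# results ($domain_data, $local_part_data) are untainted, so every
# path component below comes from the filesystem, not from the message.
vfilter_untainted:
  driver = redirect
  domains = dsearch;/var/mail/vhosts
  local_parts = dsearch;/var/mail/vhosts/$domain_data
  file = /var/mail/vhosts/$domain_data/$local_part_data/.filter
  allow_filter
  user = vmail
  no_verify
```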