Re: [exim] Sieve filters broken due to tainted expansions?

Góra strony
Delete this message
Reply to this message
Autor: Jeremy Harris
Data:  
Dla: exim-users
Temat: Re: [exim] Sieve filters broken due to tainted expansions?
On 09/01/2020 19:52, Michael Haardt via Exim-users wrote:
>> ChangeLog, 4.93 :-
>>
>> JH/32
>> Introduce a general tainting mechanism for values read from the input
>>    channel, and values derived from them.  Refuse to expand any tainted
>> values, to catch one form of exploit.

>
> Ok, so the problem was not in Sieve operation itself, but in the fact that
> a Sieve script was read (expanded) from a path that contained $local_part?
> If so, why was the script executed?


That's a stage of enforcement yet to be implemented. Perhaps next
release. Currently, only explicit expansions have the enforcmeent
but it needs extending to implicit ones also.

> What's the suggested way to do that for virtual domains, that is many
> mailboxes that all belong to the same local user, and which are not
> obtained through a lookup, but through the filesystem itself?


The result of a lookup is untainted, and will likely remain so
(even if the key for the lookup is tainted, eg. $local_part).
So whatever you're doing now should still work, so long as you
don't name the DB for the lookup using tainted data.
--
Cheers,
Jeremy