Re: [exim] Tainting & rewrite rules

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M\Evgeniy Berdnikov at <-
MMAndreas Metzler at ->
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] Tainting & rewrite rules
On 13/01/2020 18:46, Evgeniy Berdnikov via Exim-users wrote:
> Surprised that tainting mechanizm requires some knowledge about
> address space mapping or RTL internals. I'd expect "tainting" to be
> simply a flag in some structure attached to the string.

An exim string is is just a C string; there's no sophistication
at all. The taint is carried via the memory pools used for allocation
of the memory for the strings, and the wish during development for
taint-checking to be high-performance led to the observation that,
for Linux, malloc'd (i.e. sbrk-derived, heap) address space was
distinct from mmap'd address space. This meant that a couple of
address compares were all that was needed to evaluate "is this
string tainted?", the memory used for tainted values being
allocated using mmap. The various BSDs appear to intermix the
address-space used for sbrk with mmap so that trick cannot be
used; the build uses a #define to say so and the "is it tainted"
predicate walks the list of tainted memory pool regions checking
start and end addresses.

--
Cheers,
Jeremy

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Tainting & rewrite rulesRe: [exim] Tainting & rewrite rules->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)