[exim] New taint mismatch problems in exim 4.93

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Heiko Schlichting
Date:  
À: exim-users
Sujet: [exim] New taint mismatch problems in exim 4.93
Hi,

unfortunately I see taint mismatch problems in 4.93 (HEAD of master¹)
again.

Using a redirect router:

    require_files = <; /file/system/path/${quote_local_part:$local_part}


    or


    file = /file/system/path/${quote_local_part:$local_part}


Error message for local_part "test":

test@??? cannot be resolved at this time: Tainted name '/file/system/path/test' for file read not permitted

$local_part is already checked in ACLs not containing unusual chars and not
starting with a dot.

Any idea?

Regards,
Heiko

¹ commit b273058

Heiko Schlichting                Freie Universität Berlin
heiko.schlichting@???   Zentraleinrichtung für Datenverarbeitung
Telefon +49 30 838-54327         Fabeckstraße 32
Telefax +49 30 838454327         14195 Berlin