Re: [exim] New taint mismatch problems in exim 4.93

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Jeremy Harris
Datum:  
To: exim-users
Betreff: Re: [exim] New taint mismatch problems in exim 4.93
On 02/03/2020 10:40, Heiko Schlichting via Exim-users wrote:
>     file = /file/system/path/${quote_local_part:$local_part}

>
> Error message for local_part "test":
>
> test@??? cannot be resolved at this time: Tainted name '/file/system/path/test' for file read not permitted


You should not use $local_part to define a filename since it is supplied
by a potential attacker; Exim now enforces this despite whatever
checking you are doing to sanitise values.

It is permitted to use a tainted value as key for a lookup; the
result is treated as being non-tainted. This is the preferred
way of saying what filename to use.

No doubt there are convoluted ways of manipulating Exim to defeat
taint-tracking, but it's been made nontrivial so that people
don't just cargo-cult a policy of using unsafe values.

--
Cheers,
Jeremy