On 02/03/2020 10:40, Heiko Schlichting via Exim-users wrote:
> file = /file/system/path/${quote_local_part:$local_part}
>
> Error message for local_part "test":
>
> test@??? cannot be resolved at this time: Tainted name '/file/system/path/test' for file read not permitted
You should not use $local_part to define a filename since it is supplied
by a potential attacker; Exim now enforces this despite whatever
checking you are doing to sanitise values.
It is permitted to use a tainted value as key for a lookup; the
result is treated as being non-tainted. This is the preferred
way of saying what filename to use.
No doubt there are convoluted ways of manipulating Exim to defeat
taint-tracking, but it's been made nontrivial so that people
don't just cargo-cult a policy of using unsafe values.
--
Cheers,
Jeremy
