[exim] [taint] $local_part in require files

Author: Andreas Metzler
Date:  
To: exim-users
Subject: [exim] [taint] $local_part in require files
Hello,

4.94rc0 spec.txt has the following in the section about require_files:
--------
During delivery, the stat() function is run as root, but there is a
facility for some checking of the accessibility of a file by another
user. This is not a proper permissions check, but just a "rough" check
that operates as follows:

If an item in a require_files list does not contain any forward slash
characters, it is taken to be the user (and optional group, separated by
a comma) to be checked for subsequent files in the list. If no group is
specified but the user is specified symbolically, the gid associated
with the uid is used. For example:

require_files = mail:/some/file
require_files = $local_part:$home/.procmailrc

If a user or group name in a require_files list does not exist, the
require_files condition fails.
--------

AFAICT, practically it does not make a difference, but shouldn't it better
read

"require_files = $local_part_verified:$home/.procmailrc"

for consistency's sake? (To get in the right mindset and avoid using
"$local_part" for filenames, commands or user specifications.)

I am not sure, that is why I am asking first instead of posting a patch. :-)

cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
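
The list rules quoted from spec.txt in the message above, modelled as an added example that is not part of the original post and is not Exim's code. It covers only the quoted rules; the account table, `expand()` and `plan_require_files()` are constructed for illustration, and skipping empty list items is an assumption.

```python
# Constructed account table standing in for the system passwd/group databases.
PASSWD = {"mail": (8, 8), "alice": (1000, 1000)}   # name -> (uid, primary gid)
GROUPS = {"mail": 8, "alice": 1000, "staff": 50}   # name -> gid


def resolve_id(token, table):
    """Return a numeric id for a numeric string or a symbolic name, else None."""
    if token.isdigit():
        return int(token)
    entry = table.get(token)
    if entry is None:
        return None
    return entry[0] if isinstance(entry, tuple) else entry


def plan_require_files(expanded):
    """Split an already-expanded require_files value into (uid, gid, path) checks.

    Returns None when a named user or group does not exist, which the quoted
    text says makes the require_files condition fail.
    """
    uid = gid = None              # no "check as user" in force until an item sets one
    checks = []
    for item in (part.strip() for part in expanded.split(":")):
        if not item:
            continue              # assumption: empty items are ignored
        if "/" in item:           # contains a slash: a file to be checked
            checks.append((uid, gid, item))
            continue
        user, _, group = item.partition(",")   # no slash: user[,group]
        uid = resolve_id(user, PASSWD)
        if uid is None:
            return None           # unknown user: condition fails
        if group:
            gid = resolve_id(group, GROUPS)
            if gid is None:
                return None       # unknown group: condition fails
        else:
            # symbolic user without a group: use the gid associated with the uid
            gid = None if user.isdigit() else PASSWD[user][1]
    return checks


def expand(template, local_part, home):
    """Minimal stand-in for expansion of the two variables used in the spec example."""
    return template.replace("$local_part", local_part).replace("$home", home)
```

With a local part that names no account, the plan is `None`, matching the quoted statement that a nonexistent user makes the condition fail.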