Re: [exim] Suggestion: detainting via string exp

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Andrew C Aitchison
日付:  
To: Sebastian Nielsen
CC: exim-users
題目: Re: [exim] Suggestion: detainting via string exp
On Wed, 3 Jun 2020, Sebastian Nielsen via Exim-users wrote:

> I have a suggestion, and that is to allow detainting of data via a
> new string expansion called
> detaint.${detaint{<string>}{<charlist>}}Idea is that you supply the
> string you want detainted, and a "permitted character list" where
> all characters not on that list will be deleted.However, <charlist>
> must be untainted. Would even be better to completely disable string
> expansion for <charlist>.Example:if $domain contains
> "sebbe.eu/../../../../etc/passwd" then
> ${detaint{$domain}{abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-.}}
> will return: sebbe.eu........etcpasswd in detainted form - which
> will be safe to use as a filename OF COURSE its the system
> administrator's resposibility to supply a character list that is
> "safe" for the use case of said tainted data.Since of the new
> stricter taint rules, system administrators shouldn't need to
> specify complete domain whitelists, its better to allow for "any
> domain" as long as this "any domain" is scrubbed from any unsafe
> data.


"Safe" as in will create a valid file, but not necessarily a unique one
eg 3.com.com and 3com.com will use the same file
(these are both real addresses:
# host -t mx 3.com.com
3.com.com mail is handled by 10 mx203.inbound-mx.net.
3.com.com mail is handled by 10 mx203.inbound-mx.org.
# host -t mx 3com.com
3com.com mail is handled by 10 mxa-00010e01.gslb.pphosted.com.
3com.com mail is handled by 10 mxb-00010e01.gslb.pphosted.com.
).

And what about domain names with special (ie non-ascii) characters ?
Did you know that .eu also maintains Greek and Cyrillic top level domains - see
https://eurid.eu/en/register-a-eu-domain/domain-names-with-special-characters-idns/

-----------------------

Exim has several hash functions. A hash of $domain is not as human readable
as your suggestion, but it would be a reasonable alternative filename,
although I have not verified that hashing untaints a string.

-- 
Andrew C. Aitchison                    Kendal, UK
             andrew@???