Re: [exim] Exim 4.94: "Tainted filename for search: 'select'…

Pàgina inicial
Delete this message
Reply to this message
Autor: Jeremy Harris
Data:  
A: exim-users
Assumpte: Re: [exim] Exim 4.94: "Tainted filename for search: 'select'"
On 18/06/2020 13:20, Felix Schwarz via Exim-users wrote:
> sqlite_dbfile = /path/to/user.db
>
> domainlist local_domains = sqlite;select DISTINCT domain from users where
> domain='${quote_sqlite:$domain}' and is_enabled=1;


Two problems.

- the <lookup-type> <semicolon> <file> syntax only applies for
single-key lookup types. sqlite is a query-style.
- that probably leads into the tainting problem, so I'll ignore that

> I assumed that "quote_sqlite" would untain the $domain value but it does not?


No, quoting is for protection against metacharacter intpretation
by sqlite, and has nothing to do with taint. An attacker could
use a domain name with some legal SQL embedded...

Use the ${lookup sqlite ...} syntax.
--
Cheers,
Jeremy