Author: Jeremy Harris
Date:
To: exim-users
Subject: Re: [exim] Exim 4.94: "Tainted filename for search: 'select'"
On 18/06/2020 13:20, Felix Schwarz via Exim-users wrote:
> sqlite_dbfile = /path/to/user.db
>
> domainlist local_domains = sqlite;select DISTINCT domain from users where
> domain='${quote_sqlite:$domain}' and is_enabled=1;
Two problems.
- the <lookup-type> <semicolon> <file> syntax only applies for
single-key lookup types. sqlite is a query-style.
- that probably leads into the tainting problem, so I'll ignore that
> I assumed that "quote_sqlite" would untaint the $domain value but it does not?
No, quoting is for protection against metacharacter interpretation
by sqlite, and has nothing to do with taint. An attacker could
use a domain name with some legal SQL embedded...
Use the ${lookup sqlite ...} syntax.
--
Cheers,
Jeremy
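
The distinction drawn in the reply above, between quoting and taint, as an added example that is not part of the original message and is not Exim's code. It is a small Python model: `Tainted`, `open_db` and `local_domain` are hypothetical names, the table layout follows the quoted query, and the sample rows are constructed.

```python
import sqlite3

class Tainted(str):
    """Marks a string as supplied by the remote peer (model of a tainted value)."""

def quote_sqlite(value):
    # Doubling single quotes stops the value from ending the SQL string literal.
    # The result is still attacker-supplied, so the taint mark is kept.
    quoted = value.replace("'", "''")
    return Tainted(quoted) if isinstance(value, Tainted) else quoted

def open_db(path):
    # Sink: a tainted value must never be used as a filename.
    if isinstance(path, Tainted):
        raise PermissionError(f"Tainted filename for search: {path!r}")
    return sqlite3.connect(path)

def local_domain(db, domain):
    # The tainted value is used only as a quoted key inside the query. The
    # value returned comes from the database, so it is a plain, untainted str.
    sql = ("select distinct domain from users "
           "where domain='%s' and is_enabled=1" % quote_sqlite(domain))
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def demo():
    db = open_db(":memory:")  # constructed sample data
    db.execute("create table users (domain text, is_enabled int)")
    db.executemany("insert into users values (?, ?)",
                   [("example.org", 1), ("disabled.example", 0)])
    hostile = Tainted("x' or '1'='1")  # constructed domain with SQL embedded
    good = local_domain(db, Tainted("example.org"))
    return {
        "quoted_still_tainted": isinstance(quote_sqlite(hostile), Tainted),
        "hostile_match": local_domain(db, hostile),
        "good_match": good,
        "good_is_tainted": isinstance(good, Tainted),
    }

if __name__ == "__main__":
    print(demo())
```

Quoting keeps the embedded SQL inert but leaves the value tainted; only the value read back from the database is untainted.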