Re: [exim] Exim 4.94: "Tainted filename for search: 'select'…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MFelix Schwarz at <-
MFelix Schwarz at ->
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] Exim 4.94: "Tainted filename for search: 'select'"
On 18/06/2020 13:20, Felix Schwarz via Exim-users wrote:
> sqlite_dbfile = /path/to/user.db
>
> domainlist local_domains = sqlite;select DISTINCT domain from users where
> domain='${quote_sqlite:$domain}' and is_enabled=1;

Two problems.

- the <lookup-type> <semicolon> <file> syntax only applies for
single-key lookup types. sqlite is a query-style.
- that probably leads into the tainting problem, so I'll ignore that

> I assumed that "quote_sqlite" would untain the $domain value but it does not?

No, quoting is for protection against metacharacter intpretation
by sqlite, and has nothing to do with taint. An attacker could
use a domain name with some legal SQL embedded...

Use the ${lookup sqlite ...} syntax.
--
Cheers,
Jeremy

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] option -MCdRe: [exim] Tainted filename for search in Exim 4.94-1->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)