[exim] Tainted string changes 4.93

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M 
MRobert Blayzor at ->
Delete this message
Reply to this message
Author: Robert Blayzor
Date:  
To: exim-users
Subject: [exim] Tainted string changes 4.93
Since we follow the freebsd ports tree a little too carefully we were
bitten by the tainted string changes in 4.93.

We use a system aliases file that calls pipe transport ulimately and we
see in error log now:

Tainted '/bin/smssend -e -c foo' (command for address_pipe transport)
not permitted


where our alias file hits: 

^sms\+      "| /bin//smssend -e -c ${sg{$local_part}{^sms.(.*)}{\$1}}"



Basically we look for any local part that is "sms#########" and pipe
just that part to our external...

Now with tainted strings we cannot do that. Whats the easy fix?


--
inoc.net!rblayzor
XMPP: rblayzor.AT.inoc.net
PGP: https://pgp.inoc.net/rblayzor/

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] 4.94 - De-tainting without lookup?Re: [exim] Tainted string changes 4.93->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)