Re: [exim] 4.94 - De-tainting without lookup?

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Michael Haardt
Datum:  
To: exim-users
Betreff: Re: [exim] 4.94 - De-tainting without lookup?
Matthias Hörmann via Exim-users <exim-users@???> wrote:
> This essentially gets me back to where I started. I *want* any domains
> and local parts to be created as part of this process. I can live with
> the case where it won't create paths with dangerous characters (that
> never happened on dozens of servers in years of using this config,
> possibly because we filter addresses for valid characters in our ACLs)
> but I can not live with having to know any possible domain and local
> part in advance.


That is a valid use case. I believe we need an alternative way to
verify tainted strings. The solution Jeremy gave was right in spirit,
but lookups shouldn't be the only way to verify strings. It would be
possible to encode additional verification methods in lookups, though.
Partially dsearch does that by not allowing "." and ".." as keys.
A lookup either returns data or fails, and that's exactly the interface
verification needs.

For file systems, a function/lookup that verifies a part is a path
component (no slash inside), not . or .., and of a certain maximum length,
would be helpful. Perhaps it needs a base directory to use pathconf()?

Michael