Re: [exim] 4.94 - De-tainting without lookup?

Author: Michael Haardt
Date:  
To: exim-users
Subject: Re: [exim] 4.94 - De-tainting without lookup?
Matthias Hörmann via Exim-users <exim-users@???> wrote:
> This essentially gets me back to where I started. I *want* any domains
> and local parts to be created as part of this process. I can live with
> the case where it won't create paths with dangerous characters (that
> never happened on dozens of servers in years of using this config,
> possibly because we filter addresses for valid characters in our ACLs)
> but I can not live with having to know any possible domain and local
> part in advance.


That is a valid use case. I believe we need an alternative way to
verify tainted strings. The solution Jeremy gave was right in spirit,
but lookups shouldn't be the only way to verify strings. It would be
possible to encode additional verification methods in lookups, though.
Partially dsearch does that by not allowing "." and ".." as keys.
A lookup either returns data or fails, and that's exactly the interface
verification needs.

For file systems, a function/lookup that verifies a part is a path
component (no slash inside), not . or .., and of a certain maximum length,
would be helpful. Perhaps it needs a base directory to use pathconf()?

Michael
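
The path-component check proposed in the message above, sketched in C as an added example; it is not Exim code and not from the author or the list. `verify_path_component` and `FALLBACK_NAME_MAX` are hypothetical names, and the function follows the lookup convention of returning the key on success and failing (NULL) otherwise.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define FALLBACK_NAME_MAX 255  /* assumption: cap used when the filesystem reports no limit */

/* Hypothetical helper, not an Exim function. Lookup-style interface:
   returns key when it is acceptable as one path component below base_dir,
   NULL otherwise. */
const char *verify_path_component(const char *base_dir, const char *key)
{
    long name_max;
    size_t len;

    if (base_dir == NULL || key == NULL)
        return NULL;
    len = strlen(key);
    if (len == 0 || strchr(key, '/') != NULL)
        return NULL;                      /* empty, or contains a slash */
    if (strcmp(key, ".") == 0 || strcmp(key, "..") == 0)
        return NULL;                      /* directory self/parent references */

    /* pathconf() returns -1 with errno unchanged when there is no limit,
       and -1 with errno set when base_dir cannot be queried. */
    errno = 0;
    name_max = pathconf(base_dir, _PC_NAME_MAX);
    if (name_max == -1) {
        if (errno != 0)
            return NULL;                  /* base directory unusable: fail closed */
        name_max = FALLBACK_NAME_MAX;
    }
    return len <= (size_t)name_max ? key : NULL;
}

int main(void)
{
    /* Constructed sample keys, as might come from a domain or local part. */
    const char *samples[] = { "example.org", "..", "a/b", "", "." };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-12s -> %s\n", samples[i],
               verify_path_component("/", samples[i]) ? "ok" : "rejected");
    return 0;
}
```

The check is purely syntactic: it does not resolve symlinks or create anything, so the base directory itself still has to be a trusted, untainted path.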