Re: [exim] de-taint a file string

Author: Niels Kobschätzki
Date:  
To: Jeremy Harris
CC: exim-users
Subject: Re: [exim] de-taint a file string


On 13 Jul 2020, at 14:38, Jeremy Harris via Exim-users wrote:

> On 13/07/2020 12:56, Niels Kobschätzki via Exim-users wrote:
>> I am looking through the documentation and the mailing list but I cannot
>> find out how to convert this simple acl:
>>
>>  deny  message = Invalid user
>>         domains = partial-lsearch;/usr/local/etc/exim/conf/secondary_filter_domains
>
>       # you did a search; $domain_data gets the result

>
>>         local_parts = !nwildlsearch;/usr/local/etc/exim/conf/secondary_accounts/$domain
>>
>> When I just switch to $domain_data I get this error
>> failed to open /usr/local/etc/exim/conf/secondary_accounts/194.xxx.xxx.xxx
>> for linear search: No such file or directory
>
>     So the result was "194.xxx.xxx.xxx", which is rather different
> from the equivalent to the $domain that you used to use.

>
> You need to develop a way of both validating the $domain *and* getting
> an untainted string for the file for your lookup checking the
> local_parts condition...
>
> You are validating $domain currently using a partial-lsearch.
> The data isn't currently usable. You could consider whether that data
> is actually needed elsewhere (you're not using it here, so far).
> The key in the file isn't usable, if you're employing partial-
> facilities. You could consider whether you really need the partial-
> matching feature.
>
> You could validate by some other means, eg. the actual existence of
> the file you're about to use for the local_parts condition. Hint:
> "dsearch" (and ret-full, possibly).
>
>>
>> And can someone give me a hint how do I test stuff like this? I know
>> there is exim -be, but I have no clue how I could just test if for
>> example:
>> recipient = foo@???
>> the above lookup will look in
>> /usr/local/etc/exim/conf/secondary_accounts/bar.org for “foo”
>
> There's two ways. Well, three.
>
> - For ACL stuff, use the debug facilities and actual test messages.
> This can, depending on the test message source (smtp vs. non-)
> require running the daemon with debug.
> - If you have a message sitting in spool, -bem to set up all the
> variables from it.
> - Sprinkle printf, errm, logwrite liberally around.


Thanks a lot. I will have to see how I work these answers into my
solution.

Niels
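
One way to act on the "dsearch" hint above, as an added example that is not from either poster. It assumes that every secondary domain has a file named exactly after the domain in /usr/local/etc/exim/conf/secondary_accounts, and an Exim version whose dsearch lookup accepts the ret=full option.

```exim
# Added example (not from the thread). Assumption: one file per domain,
# named after the domain, e.g. .../secondary_accounts/bar.org

# dsearch matches only if a directory entry named $domain exists.
# On a match $domain_data holds that entry name as read from the
# filesystem, so it is untainted and may be used to build a file name.
# A tainted $domain containing "/" or ".." cannot reach the
# nwildlsearch below, because no such directory entry will match.
deny  message     = Invalid user
      domains     = dsearch;/usr/local/etc/exim/conf/secondary_accounts
      local_parts = !nwildlsearch;/usr/local/etc/exim/conf/secondary_accounts/$domain_data

# Variant: ret=full makes the lookup return the whole path, so the
# second condition needs no path concatenation at all.
#
# deny  message     = Invalid user
#       domains     = dsearch,ret=full;/usr/local/etc/exim/conf/secondary_accounts
#       local_parts = !nwildlsearch;$domain_data

# Behaviour change compared with the original ACL: a domain without a
# file in secondary_accounts no longer matches this deny statement, and
# the partial- matching of secondary_filter_domains is not reproduced.

# Quick check of the lookup alone from the command line (prints the
# entry name if the file exists, an empty string otherwise):
#
#   exim -be '${lookup{bar.org}dsearch{/usr/local/etc/exim/conf/secondary_accounts}}'
```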