Re: [exim] [exim-dev] [Bug 2636] usage of local_part in vir…

> #COMMENT#57:
> virtual_localdelivery:
>    driver = appendfile
>    create_directory
>    delivery_date_add
>    directory_mode = 770
>    envelope_to_add
>    directory =
> "${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}}lsearch{/etc/passwd}{$value}}}}/imap/${domain_data}/${local_part_data}/Maildir"
>    maildir_format
>    group = mail
>    mode = 660
>    return_path_add
>    user =
> "${lookup{$domain_data}lsearch*{/etc/virtual/domainowners}{$value}}"
>    quota = ${if
> exists{/etc/virtual/${domain}/quota}{${lookup{$local_part}lsearch*{/etc/virtual/${domain_data}/quota}{$value}{0}}}{0}}
>    .include_if_exists /etc/exim/virtual_localdelivery.conf.post

> I'm not an expert on this stuff, but ...
> the directory line has ${local_part_data} so that variable should
> be available in the quota line.
> I *guess* that changing that line to
>    quota = ${if
> exists{/etc/virtual/${domain}/quota}{${lookup{$local_part_data}lsearch*{/etc/virtual/${domain_data}/quota}{$value}{0}}}{0}}
> ( sed -e /quota/s/local_part/local_part_data/ )
> should solve this particular taint.

>   Warning: the content of this variable is usually provided by a
>   potential attacker. Consider carefully the implications of using it
>   unvalidated as a name for file access. This presents issues for
>   usersâ?? .forward and filter files.
>          ...          ...
>   For virtual users, store a suitable pathname component in the database
>   which is used for account name validation, and use that retrieved
>   value rather than this variable. Often $local_part_data is usable in
>   this role. If needed, use a router address_data or set option for the
>   retrieved data.

> --
> Andrew C. Aitchison                                     Kendal, UK
>                         andrew@???