Re: [exim] De-taint data

On 26/10/2020 09:53, Gregory Edigarov via Exim-users wrote:
> Having this in config, exim-4.94
>
> local_copy_incoming:
>   driver = appendfile
>   directory = /var/vmail/backup/$domain/$local_part/incoming

Most of this info is in the documentation.

You need to deliberately check that those variable
values, which have been supplied by a potential
attacker, are actually valid on your system. This has to
be done in a way that Exim knows a validated version
of the data that you can use in that "directory" option.

If the local_part is a real user on the system then
the "check_local_user" option on the router selecting
this transport is the simplest way for this component.
A success for that check fills in $local_part_data
with an untainted version of $local_part.

For virtual users (not existing in the password file),
and for domains, you have to do deliberate lookups
in other local sources of data. You might, for example,
have a Postgres DB with your list of locally-serviced
domains. Commonly your router will be checking for these
domains using a "domains" condition. If this condition
uses a lookup then it will populate $domain_data
with an untainted result from the lookup. Likewise, the
"local_parts" option can populate $local_part_data from
a lookup result.
--
Cheers,
Jeremy