Hi,
I welcome the suggestions, especially the idea about gradually enabling
taint checks, to allow a smooth transition, as suggested by Mike Tubby:
taint_mode = yes | no | warn
Another idea from my side (it's similar to Sebastian N's idea):
> begin transports
> smtp:
> driver = smtp
> dkim_domain = $sender_address_domain
> dkim_selector = 2020-08-25
> dkim_private_key = /etc/exim/dkim/$dkim_selector.$dkim_domain.pem
We could provide taint checks for different situations, as the risk of
using tainted data depends on the usage of the data (filename, log
message, lookup key, …).
Provide a new set of functions:
${XXX{<string1>}{<string2>}{<string3>}}
${XXX{<string1>}{<string2>}fail}
${XXX{<string1>}{<string2>}}
With XXX as
- file (no "/")
- path (no "..")
- line (no "\r", "\n")
...
dkim_private_key = /etc/exim/dkim/${file{$dkim_selector.$dkim_domain.pem}}
or
dkim_private_key = ${path{/etc/exim/dkim/$dkim_selector.$dkim_domain.pem}}
This can give us flexibility where the current lookup-based way of
untainting doesn't work.
Best regards from Dresden/Germany
Kind regards from Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
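
The per-context checks proposed in this message, sketched in Python as an added example (not code from the message or from Exim). It assumes the one-argument form returns the string unchanged when the check passes and fails the expansion otherwise; the function names and the sample sender domains are constructed for illustration.

```python
class TaintError(ValueError):
    """Value is unsafe for the context it is about to be used in."""

# Forbidden substrings per context, as listed in the message.
FORBIDDEN = {
    "file": ("/",),         # a single file name
    "path": ("..",),        # a path that must not climb upwards
    "line": ("\r", "\n"),   # a single line (log entry, header)
}

def check(kind, value):
    """Assumed one-argument form: return value unchanged or fail."""
    for bad in FORBIDDEN[kind]:
        if bad in value:
            raise TaintError(f"{kind}: {bad!r} not allowed in {value!r}")
    return value

def dkim_key_file(selector, domain):
    # /etc/exim/dkim/${file{$dkim_selector.$dkim_domain.pem}}
    return "/etc/exim/dkim/" + check("file", f"{selector}.{domain}.pem")

def dkim_key_path(selector, domain):
    # ${path{/etc/exim/dkim/$dkim_selector.$dkim_domain.pem}}
    return check("path", f"/etc/exim/dkim/{selector}.{domain}.pem")

def try_expand(expand, selector, domain):
    """Return the expanded file name, or None if the check failed."""
    try:
        return expand(selector, domain)
    except TaintError:
        return None

# Constructed sender domains; the selector is the one from the quoted config.
SAMPLES = ["example.org", "example.org/sub", "../../tmp/x"]

if __name__ == "__main__":
    for domain in SAMPLES:
        for expand in (dkim_key_file, dkim_key_path):
            print(f"{expand.__name__:14} {domain!r:18} ->",
                  try_expand(expand, "2020-08-25", domain))
```

The two variants differ on a value that contains "/" but no "..": the file check rejects it, while the path check accepts it and yields a name in a subdirectory of /etc/exim/dkim/.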