Re: [exim] tainted data issues

Author: Gregory Edigarov
Date:  
To: exim-users
Subject: Re: [exim] tainted data issues


On 11/10/20 11:36 PM, Heiko Schlittermann via Exim-users wrote:
> Hi,
>
> I welcome the suggestions, especially the idea about gradually enabling
> taintchecks, to allow a smooth transition, as suggested by Mike Tubby.
>
>    taint_mode = yes | no | warn

>
> Another idea from my side (it's similar to Sebastian N's idea)
>
>>    begin transports
>>      smtp:
>>        driver = smtp
>>        dkim_domain = $sender_address_domain
>>        dkim_selector = 2020-08-25
>>        dkim_private_key = /etc/exim/dkim/$dkim_selector.$dkim_domain.pem
> We could provide taint checks for different situations, as the risk of
> using tainted data depends on the usage of the data (filename, log
> message, lookup key, …)

>
> Provide a new set of functions:
>
>          ${XXX{<string1>}{<string2>}{<string3>}}
>          ${XXX{<string1>}{<string2>}fail}
>          ${XXX{<string1>}{<string2>}}

>
> With XXX as
>          - file  (no "/")
>          - path  (no "..")
>          - line  (no "\r", "\n")
>          ...

>
>          dkim_private_key = /etc/exim/dkim/${file{$dkim_selector.$dkim_domain.pem}}
>          or
>          dkim_private_key = ${path{/etc/exim/dkim/$dkim_selector.$dkim_domain.pem}}

>
> This can give us flexibility where the current lookup based way of
> untainting doesn't work.

I like the functions idea the best, as tainting is _already_ here, but
really either way could do.
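
Added example (not part of the original thread, and not Exim code): a small Python model of the per-use checks proposed in the quoted message, applied to the two dkim_private_key forms shown there. The function names are hypothetical, only the single-argument usage is modelled, and matching ".." as a whole path component is an assumption. The constructed domain "a/b.example" shows that the two forms are not equivalent: the file check rejects it, while the path check accepts it.

```python
# Model of the per-use checks proposed in the quoted message (not Exim code).
class TaintCheckFailed(ValueError):
    """Value is not acceptable for the use it is about to be put to."""

def check_file(s):
    # "file": must be a single filename, so no "/"
    if "/" in s:
        raise TaintCheckFailed(f"file: '/' in {s!r}")
    return s

def check_path(s):
    # "path": no ".." (assumption: matched as a whole path component)
    if ".." in s.split("/"):
        raise TaintCheckFailed(f"path: '..' component in {s!r}")
    return s

def check_line(s):
    # "line": no "\r" or "\n", e.g. before writing a log line
    if "\r" in s or "\n" in s:
        raise TaintCheckFailed(f"line: CR/LF in {s!r}")
    return s

BASE = "/etc/exim/dkim"      # directory from the quoted transport
SELECTOR = "2020-08-25"      # dkim_selector from the quoted transport

def key_via_file(domain):
    # dkim_private_key = /etc/exim/dkim/${file{$dkim_selector.$dkim_domain.pem}}
    return BASE + "/" + check_file(f"{SELECTOR}.{domain}.pem")

def key_via_path(domain):
    # dkim_private_key = ${path{/etc/exim/dkim/$dkim_selector.$dkim_domain.pem}}
    return check_path(f"{BASE}/{SELECTOR}.{domain}.pem")

def attempt(check, value):
    """Return the checked value, or None where expansion would fail."""
    try:
        return check(value)
    except TaintCheckFailed:
        return None

# Constructed sender domains, standing in for tainted $sender_address_domain.
SAMPLES = ["example.org", "a/b.example", "x/../../y"]

def compare():
    return {d: (attempt(key_via_file, d), attempt(key_via_path, d)) for d in SAMPLES}

if __name__ == "__main__":
    for domain, (f, p) in compare().items():
        print(f"{domain!r}: file -> {f}  path -> {p}")
```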