On 11/10/20 11:36 PM, Heiko Schlittermann via Exim-users wrote:
> Hi,
>
> I welcome the suggestions, especially the idea about gradually enabling
> taint checks, to allow a smooth transition, as suggested by Mike Tubby.
>
> taint_mode = yes | no | warn
>
> Another idea from my side (it's similar to Sebastian N's idea)
>
>> begin transports
>> smtp:
>> driver = smtp
>> dkim_domain = $sender_address_domain
>> dkim_selector = 2020-08-25
>> dkim_private_key = /etc/exim/dkim/$dkim_selector.$dkim_domain.pem
> We could provide taint checks for different situations, as the risk of
> using tainted data depends on the usage of the data (filename, log
> message, lookup key, …)
>
> Provide a new set of functions:
>
> ${XXX{<string1>}{<string2>}{<string3>}}
> ${XXX{<string1>}{<string2>}fail}
> ${XXX{<string1>}{<string2>}}
>
> With XXX as
> - file (no "/")
> - path (no "..")
> - line (no "\r", "\n")
> ...
>
> dkim_private_key = /etc/exim/dkim/${file{$dkim_selector.$dkim_domain.pem}}
> or
> dkim_private_key = ${path{/etc/exim/dkim/$dkim_selector.$dkim_domain.pem}}
>
> This can give us flexibility where the current lookup-based way of
> untainting doesn't work.
I like the functions idea the best, as tainting is _already_ here, but
really either way could do.
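
Added example, not part of this thread or of Exim's code: a small Python model of the proposed `${file{...}}`, `${path{...}}` and `${line{...}}` checks, applied to the `dkim_private_key` setting quoted above. The `Tainted` class, the function names and the sample domains are constructed for illustration, and only the one-argument form used in the two `dkim_private_key` lines is modelled.

```python
class Tainted(str):
    """Marks a string that came from the message or the remote peer."""

class TaintError(Exception):
    """Raised when a check fails or a tainted string reaches a sink."""

def expand(*parts):
    """Join parts; the result is tainted if any part was."""
    joined = "".join(parts)
    return Tainted(joined) if any(isinstance(p, Tainted) for p in parts) else joined

CHECKS = {  # the three checks named in the proposal
    "file": lambda s: "/" not in s,
    "path": lambda s: ".." not in s,
    "line": lambda s: "\r" not in s and "\n" not in s,
}

def detaint(kind, value):
    """Model of ${file{..}} / ${path{..}} / ${line{..}}: plain str or failure."""
    if not CHECKS[kind](value):
        raise TaintError(f"{kind} check failed for {value!r}")
    return str(value)  # str() of a str subclass yields an exact, unmarked str

def open_key(name):
    """Sink: refuses a tainted file name, else returns the name it would open."""
    if isinstance(name, Tainted):
        raise TaintError(f"tainted file name {name!r}")
    return name

def key_unchecked(selector, domain):  # the transport as first quoted
    return open_key(expand("/etc/exim/dkim/", selector, ".", domain, ".pem"))

def key_file_form(selector, domain):  # /etc/exim/dkim/${file{...}}
    leaf = detaint("file", expand(selector, ".", domain, ".pem"))
    return open_key(expand("/etc/exim/dkim/", leaf))

def key_path_form(selector, domain):  # ${path{/etc/exim/dkim/...}}
    return open_key(detaint("path", expand("/etc/exim/dkim/", selector, ".", domain, ".pem")))

def rejected(fn, *args):
    try:
        return fn(*args) is None  # fn returned a name, so this is False
    except TaintError:
        return True

if __name__ == "__main__":
    for dom in (Tainted("example.org"), Tainted("a/b"), Tainted("x..y")):  # constructed
        for fn in (key_unchecked, key_file_form, key_path_form):
            res = "rejected" if rejected(fn, "2020-08-25", dom) else fn("2020-08-25", dom)
            print(f"{fn.__name__:14} {str(dom):12} {res}")
```

In this model the two forms are not interchangeable: the `file` form rejects a domain containing "/" but accepts "x..y", while the `path` form accepts "a/b" (a subdirectory under the key directory) and rejects "x..y".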