Re: [exim] tainted data issues

Author: Chris Siebenmann
Date:  
To: exim-users
Subject: Re: [exim] tainted data issues
Jeremy Harris:
> > Semi-radical: provide an ACL, router, and transport modifier that
> > checks some variable or content for dangerous contents
>
> We have that. All data provided by an untrusted source, described
> as "tainted" for a shorthand.
Tainted variables contain potentially dangerous contents, not actually
dangerous contents. Most of the time, the contents of tainted variables
are not dangerous, but sometimes they are. I think that it would be
useful for Exim to provide assistance in telling the two apart.

I say this because I strongly believe that people are going to
write Exim configuration code that de-taints variables in brute
force ways (and the more that Exim doesn't provide mechanisms to
do relatively arbitrary 'safe' de-tainting, the more that people
are going to do so). I think it's relatively important to let
people guard these de-taintings with safety checks, such as 'is
there dangerous content here'.

Also, even with relatively safe de-tainting, sometimes I would rather
reject funny content immediately. This is actually a relatively popular
thing to do today in ad-hoc ways; for example, the Debian 'split' Exim
configuration has for years shipped with a set of checks for dangerous
characters in local parts. Sysadmins can maybe write these checks
in Exim configurations themselves, but in ad-hoc ways and sysadmins
probably don't know as much about what things are dangerous (or valid)
in various conditions as other people do.

    - cks
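Added example, not from this message or from the Exim project's configuration: an Exim configuration fragment showing the two things discussed above side by side, an ACL check that rejects local parts with characters that are dangerous to later expansions (modelled on the "restricted characters" deny in Exim's default configure, which is what the Debian split configuration also ships), and a router that de-taints the local part by looking it up against a directory the administrator controls. The directory /home, the transport name and the Maildir layout are assumptions for illustration; check the wording of the options against the spec for your Exim version (4.94 or later is assumed for tainting and $local_part_data).

```exim
# --- In acl_check_rcpt, before any accept for local domains ---
# Reject local parts that contain characters which become dangerous once
# they reach a filename, a pipe command or a lookup key. Matching a tainted
# $local_part against a fixed regex is permitted; it is the later use of
# the raw value that Exim refuses. Pattern copied from Exim's default
# configure (verify against your version).
  deny
    message     = Restricted characters in address
    domains     = +local_domains
    local_parts = ^[.] : ^.*[@%!/|]

# --- Routers ---
# De-taint by lookup rather than by brute force: the local part is used
# only as a dsearch key against /home (assumed path). If a matching entry
# exists, the name the filesystem returned is placed in $local_part_data,
# which is untainted; if it does not exist, the router simply declines.
userdir:
  driver      = accept
  domains     = +local_domains
  local_parts = dsearch;/home
  transport   = userdir_delivery

# --- Transports ---
# Only the untainted lookup result reaches the delivery path. Using
# $local_part here instead of $local_part_data would be rejected by Exim
# at delivery time as use of tainted data in a filename.
userdir_delivery:
  driver         = appendfile
  directory      = /home/$local_part_data/Maildir
  maildir_format
  user           = $local_part_data
  delivery_date_add
  envelope_to_add
  return_path_add
```

The ACL check is the "is there dangerous content here" guard: it fires before any router runs, so a local part such as `../etc` or one containing a pipe character never reaches a de-tainting step at all. The router then does not try to clean the value; it asks the filesystem whether such a user exists and uses the answer, which is the only kind of de-tainting Exim treats as safe without an explicit override. Test candidate addresses with `exim -bt user@example.org` and the expansion with `exim -be '${lookup {user} dsearch {/home}}'` before relying on it.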