Re: [exim] Sqlite Lookup absolute filename (was Exim 4.94.2 …

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Evgeniy Berdnikov
Datum:  
To: exim-users
Betreff: Re: [exim] Sqlite Lookup absolute filename (was Exim 4.94.2 - security update released)
On Tue, May 04, 2021 at 08:39:43PM +0100, Jeremy Harris via Exim-users wrote:
> On 04/05/2021 20:10, Victor Ustugov via Exim-users wrote:
> > Why? Many years it was possible to execute queries to different SQLite
> > databases. Why do you want to drop this feathure?
>
> The syntax doesn't fit being able to check for tainted data being used.


Why? It sounds strange that *syntax* influences such operational details
as presense of tainting checks.

> We need to invent some new syntax in order to re-enable the
> facility, and nobody has done that yet.


What's the problem? Write down requirements and somebody will invent. :)

Let's recall how parameters for LDAP queries are passed:
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-file_and_database_lookups.html#SECID70
If this is acceptable, why similar syntax could not be used for SQLite?

${lookup sqlite{FILE=/path/to/file <select...>}..}

But in my opinion, passing file name as option
${lookup sqlite,file=/path/to/file {..}..}
is more pleasant to read.
--
Eugene Berdnikov