Re: [exim] tainted filename issue

Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] tainted filename issue
On 05/05/2021 01:41, Dan Egli via Exim-users wrote:
>   dkim_private_key   = ${if exists{/etc/exim/DKIM/${lc:$sender_address_domain}/dkim.private.key.pem}\
> {/etc/exim/DKIM/${lc:$sender_address_domain}/dkim.private.key.pem}{0}}
>
> So how do I correct this?


You look up that domain in a trusted database, so as to obtain a trusted
value. This has to be done in a manner that Exim recognises: obtaining
untainted data that you can use in your expansion.

The "exists" check is not sufficient for this. Replace it with a "dsearch"
lookup, since (currently) your trusted database is the filesystem.
--
Cheers,
Jeremy
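
One way to write the dsearch replacement described in the reply above. This is an added example, not part of the original message or taken from the Exim project; it assumes the directory layout shown in the question, with one subdirectory per signing domain under /etc/exim/DKIM.

```conf
# Before (from the question): the path is built directly from
# $sender_address_domain, which is tainted, so Exim refuses to use the
# result as a filename.
#
# dkim_private_key = ${if exists{/etc/exim/DKIM/${lc:$sender_address_domain}/dkim.private.key.pem}\
#   {/etc/exim/DKIM/${lc:$sender_address_domain}/dkim.private.key.pem}{0}}

# After: dsearch looks the lowercased domain up as an entry name in
# /etc/exim/DKIM. On a match, $value holds the name as found in the
# directory, which Exim treats as untainted, so it can be used to build
# the key path. A domain with no matching entry expands to 0, as in the
# original setting.
#
# dsearch only confirms that the directory entry exists. The inner
# "exists" test keeps the original check that the key file is present,
# now applied to a path built from untainted data.
dkim_private_key = ${lookup {${lc:$sender_address_domain}} dsearch {/etc/exim/DKIM} \
    {${if exists{/etc/exim/DKIM/$value/dkim.private.key.pem} \
        {/etc/exim/DKIM/$value/dkim.private.key.pem}{0}}} \
    {0}}
```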