著者: Jeremy Harris 日付: To: exim-users 題目: Re: [exim] tainted filname issue
On 05/05/2021 01:41, Dan Egli via Exim-users wrote: > dkim_private_key = ${if exists{/etc/exim/DKIM/${lc:$sender_address_domain}/dkim.private.key.pem}\
> {/etc/exim/DKIM/${lc:$sender_address_domain}/dkim.private.key.pem}{0}}
>
> So how do I correct this?
You look up that domain in a trusted database, so as to obtain a trusted
value. This has to be done in a manner that Exim recognises: obtaining
untainted data that you can use in your expansion.
The "exists" check is not sufficient for this. Replace it with a "dsearch"
lookup, since (currently) your trusted database is the filesystem.
--
Cheers,
Jeremy
