Re: [exim] tainted filname issue

Góra strony
Delete this message
Reply to this message
Autor: Jeremy Harris
Data:  
Dla: exim-users
Temat: Re: [exim] tainted filname issue
On 05/05/2021 01:41, Dan Egli via Exim-users wrote:
>   dkim_private_key   = ${if exists{/etc/exim/DKIM/${lc:$sender_address_domain}/dkim.private.key.pem}\
> {/etc/exim/DKIM/${lc:$sender_address_domain}/dkim.private.key.pem}{0}}
>
> So how do I correct this?


You look up that domain in a trusted database, so as to obtain a trusted
value. This has to be done in a manner that Exim recognises: obtaining
untainted data that you can use in your expansion.

The "exists" check is not sufficient for this. Replace it with a "dsearch"
lookup, since (currently) your trusted database is the filesystem.
--
Cheers,
Jeremy