Re: [exim-dev] servers expansion

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMAndrew C Aitchison at <-
MJasen Betts at ->
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-dev
Subject: Re: [exim-dev] servers expansion
On 12/06/2021 20:56, Andrew C Aitchison via Exim-dev wrote:
> On Sat, 12 Jun 2021, Jasen Betts via Exim-dev wrote:
>> I'm wanting to be able to use expansion variables in the servers=
>> parameter of query-style lookups.

This immediately sounds dangerous.

[suggested code change]

>> This seems to work for simple variables which is enough for me.  Full
>> brace expansion does not work (I think the parser gets confused).
>>
>> As I understand it this is not going to cause a memory leak.
>>
>> a few lines down from this serverlist is checked to be taint-free so
>> this feels safe to me.
>
> Isn't the idea to check a string is taint-free *before* expanding it ?

Precisely. Consider what an attacker might present you with to get
expanded, and the extensive facilities that Exim expansion offers.
--
Cheers,
Jeremy

This message was posted to the following mailing lists:
Exim-dev
Mailing List Info | Nearby Messages		<-Re: [exim-dev] servers expansionRe: [exim-dev] Mail boincing back to bounces@servername instead of sender->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)