Re: [exim-dev] servers expansion

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Jeremy Harris
Data:  
Para: exim-dev
Asunto: Re: [exim-dev] servers expansion
On 12/06/2021 20:56, Andrew C Aitchison via Exim-dev wrote:
> On Sat, 12 Jun 2021, Jasen Betts via Exim-dev wrote:
>> I'm wanting to be able to use expansion variables in the servers=
>> parameter of query-style lookups.


This immediately sounds dangerous.

[suggested code change]

>> This seems to work for simple variables which is enough for me.  Full
>> brace expansion does not work (I think the parser gets confused).
>>
>> As I understand it this is not going to cause a memory leak.
>>
>> a few lines down from this serverlist is checked to be taint-free so
>> this feels safe to me.
>
> Isn't the idea to check a string is taint-free *before* expanding it ?


Precisely. Consider what an attacker might present you with to get
expanded, and the extensive facilities that Exim expansion offers.
--
Cheers,
Jeremy