Re: [exim-dev] servers expansion

On 12/06/2021 20:56, Andrew C Aitchison via Exim-dev wrote:
> On Sat, 12 Jun 2021, Jasen Betts via Exim-dev wrote:
>> I'm wanting to be able to use expansion variables in the servers=
>> parameter of query-style lookups.

This immediately sounds dangerous.

[suggested code change]

>> This seems to work for simple variables which is enough for me.  Full
>> brace expansion does not work (I think the parser gets confused).
>>
>> As I understand it this is not going to cause a memory leak.
>>
>> a few lines down from this serverlist is checked to be taint-free so
>> this feels safe to me.
>
> Isn't the idea to check a string is taint-free *before* expanding it ?

Precisely. Consider what an attacker might present you with to get
expanded, and the extensive facilities that Exim expansion offers.
--
Cheers,
Jeremy