Re: [exim] Local variables tainted?

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Jeremy Harris
Datum:  
To: exim-users
Betreff: Re: [exim] Local variables tainted?
On 03/09/2021 11:29, Kai Bojens via Exim-users wrote:
> Exim version 4.94.2 #2 built 13-Jul-2021 16:04:57
>
> (Debian Package: 4.94.2-7)
>
> Warning: ACL "warn" statement skipped: condition test deferred: Tainted MySQL server 'localhost/greylist/greylist/xyz'
>
> I am using a MySQL DB for greylisting. The config variables are defined like this:
>
> "GREYLIST_DBSERVER = localhost/greylist/greylist/xyz"


(Aside: That looks like a macro, not a variable)

> This is then referred later:
>
> warn  set acl_m8 = ${lookup mysql{servers=GREYLIST_DBSERVER;\ GREYLIST_SUBNET}{$value}{result=unknown}}
>
> Why would a local variable which is never set by any external input be tainted?


You don't show what GREYLIST_SUBNET is.

In general for this sort of issue it helps to use the debug output
facilities to show what your config is doing in more detail.

Something like

exim -d-all+expand+lookup -be '${lookup mysql{servers=GREYLIST_DBSERVER;\ GREYLIST_SUBNET}{$value}{result=unknown}'

would be of interest.
--
Cheers,
Jeremy