著者: Michael Haardt 日付: To: Jeremy Harris via Exim-users 題目: Re: [exim] Taint checker confusing error (blaming file but caused
by later ldap lookup)
Jeremy Harris via Exim-users <exim-users@???> wrote: > One idea that might be worth exploring is to build local_domains
> from a pair of domainlists. Have one with just the ldap lookup,
> and one with everything else:
>
>
> LOCALDOM = /etc/exim4/localdomains
> domainlist d1 = @:localhost:LOCALDOM
> domainlist d2 = ldap;ldap::///ou=mail,dc=do,dc=main?mailDomain?sub?mailDomain=$domain
> domainlist local_domains = +d1 : +d2
Why would that not be tainted? The $domain string "*" would still
be good for a surprise, so taint checking is really needed here,
as is quoting.