Re: [exim] Taint checker confusing error (blaming file but c…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Jeremy Harris
Datum:  
To: exim-users
Betreff: Re: [exim] Taint checker confusing error (blaming file but caused by later ldap lookup)
On 22/12/2021 16:59, Michael Haardt via Exim-users wrote:
> Would it be feasible to replace the tainted bool with a bitfield,
> and have e.g. a file lookup only clear the bit for file operations and
> quote_ldap only clear the bit for ldap?


It wouldn't mesh well with the current implementation, nor would
it solve the specific case presented.

> Would it be possible to expand all strings when reading the configuration
> without causing side effects to check any attempt of using tainted data
> at start up?


No. Variables are used for data which varies on a finer grain
than "exim starting up". For the specific case, $domain varies
with individual recipient (even within a given message).

> How about introducing a new object (like ACL, router etc) that gets
> tainted data and either produces untainted data or a data validation
> failure? It would avoid the *_data side effect currently spread all
> over the configuration and concentrate all checks in one place.


This would involve major redesign, implementation and test effort.
We are lacking volunteers for that.



> most people would never think of [...] using quote_ldap.


It is documented that you should. How much further can we go?
--
Cheers,
Jeremy