Author: Jeremy Harris Date: To: exim-users Subject: Re: [exim] Taint checker confusing error (blaming file but caused
by later ldap lookup)
On 22/12/2021 16:59, Michael Haardt via Exim-users wrote: > Would it be feasible to replace the tainted bool with a bitfield,
> and have e.g. a file lookup only clear the bit for file operations and
> quote_ldap only clear the bit for ldap?
It wouldn't mesh well with the current implementation, nor would
it solve the specific case presented.
> Would it be possible to expand all strings when reading the configuration
> without causing side effects to check any attempt of using tainted data
> at start up?
No. Variables are used for data which varies on a finer grain
than "exim starting up". For the specific case, $domain varies
with individual recipient (even within a given message).
> How about introducing a new object (like ACL, router etc) that gets
> tainted data and either produces untainted data or a data validation
> failure? It would avoid the *_data side effect currently spread all
> over the configuration and concentrate all checks in one place.
This would involve major redesign, implementation and test effort.
We are lacking volunteers for that.
> most people would never think of [...] using quote_ldap.
It is documented that you should. How much further can we go?
--
Cheers,
Jeremy
