Author: Michael Haardt Date: To: Jeremy Harris via Exim-users Subject: Re: [exim] Taint checker confusing error (blaming file but caused
by later ldap lookup)
> > Would it be possible to expand all strings when reading the configuration > > without causing side effects to check any attempt of using tainted data
> > at start up?
>
> No. Variables are used for data which varies on a finer grain
> than "exim starting up". For the specific case, $domain varies
> with individual recipient (even within a given message).
Does Exim do lazy evaluation during string expansion? If not,
dummy values should suffice for the purpose of checking if
string expansions refer to tainted variables. This would also
point out the attempt to use non-existant variables and verify
overall syntax.
> > How about introducing a new object (like ACL, router etc) that gets
> > tainted data and either produces untainted data or a data validation
> > failure? It would avoid the *_data side effect currently spread all
> > over the configuration and concentrate all checks in one place.
>
> This would involve major redesign, implementation and test effort.
> We are lacking volunteers for that.
For implementation, yes. But could we come up with a design that
avoids the current problems?
> > most people would never think of [...] using quote_ldap.
>
> It is documented that you should. How much further can we go?
Well, given that reason nobody needed taint checking to begin with. ;-)
