Re: [exim] Staying in the queue taints data ?

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Jeremy Harris
Datum:  
To: exim-users
Betreff: Re: [exim] Staying in the queue taints data ?
I agree that queued and non-queued should behave the same.


Intriguing that you have the command specified in both router
and transport. Is this tpt run in any other way? If not, the
command spec in it could be removed (and should, to remove confusion).

Further, the commands are not identical: the tpt version uses $local_part
rather than "sympa@", and "queue" rather than "bouncequeue".

That said, this probably isn't relevant to the problem.



I'm wondering if what gets stored in the spool is the aggregate
commandline for the pipe, rather than separate executable & args.
It's reasonable for args to be tainted, but we must not permit
a tainted string for the executable. If the spooled info only
has the aggregate, then we've lost the distinction.

https://bugs.exim.org/show_bug.cgi?id=2862 opened for this.



For testing, you could add a verb at the top of your rcpt acl:

   warn    local_parts = my_test_localpart
         control = debug/opts=+all
         control = queue_only


The debug will go to a file in your log directory. This works with
your normal execute method for the daemon (the alternative is to
stop the service and run the daemon manually with cmdline option for
debug, and collect stderr).

That's fine for investigating the nonqueueing flow.


For the queueing flow use instead

         control = queue_only


(to force queueing rather than having to wait for a high-load period).
Feed a message in, grab the message-id from the log and grab a copy
of the spooled <message-id>-H file (this has all the variables content
associated with the message, marked up for taint). Then:

exim -d+all -M <message-id> 2>&1 | tee debuglog

to deliver it.

--
Cheers,
Jeremy