Re: [exim] Taint checking and exim 4.96rc0

Pàgina inicial
Delete this message
Reply to this message
Autor: James
Data:  
A: exim-users
Assumpte: Re: [exim] Taint checking and exim 4.96rc0
On 01/05/2022 10:32, Andreas Metzler via Exim-users wrote:
>>> Do we have *new* taintchecks that break
>>> configurations that were considered secure with 4.95?
>> I has a hash_32_64 of data, accepted in 4.95, requires quote_pgsql with
>> 4.96.
>> Does a hash pass a taint? Whatever, easily adjusted in my config.
> Could you show the complete transport/router that triggered the error and
> how you modified the router to fix this?



4.95 happy:

     set acl_m_greyhash = 
${hash_32_62:$sender_helo_name$sender_address$local_part$domain}
     set acl_m_dontcare = ${lookup pgsql{DELETE FROM acl_data_check 
WHERE hash = '$acl_m_greyhash' AND result = 'GREY';}}



4.96 complains:

Apr 30 10:23:44 XXXXXX exim: [ID 197553 mail.alert] tainted search query
is not properly quoted (ACL defer, /etc/opt/XXX/exim/exim.conf 641):
DELETE FROM acl_data_check WHERE hash =
'5nRjzb5pF9dbd6GaIahLWbvrSNx3Hxi9' AND result = 'GREY';


4.96 happy, added "${quote_pgsql:...}":

     set acl_m_greyhash = 
${hash_32_62:$sender_helo_name$sender_address$local_part$domain}
     set acl_m_dontcare = ${lookup pgsql{DELETE FROM acl_data_check 
WHERE hash = '${quote_pgsql:$acl_m_greyhash}' AND result = 'GREY';}}





4.96 appears to pass a taint flag though the hash whereas 4.95 does not
or the checking rigour has changed such that it is now reported.


These two lines are just logging the receipt in table acl_data_check;
greylisting is done by calling an external process.