Re: [exim] Tainted arg 2 for mailman_transport transport com…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Jeremy Harris
Date:  
À: exim-users
Sujet: Re: [exim] Tainted arg 2 for mailman_transport transport command
On 20/07/2022 15:37, Kirill Miazine via Exim-users wrote:
> IIRC Mailman has some facility to generate aliases file, which Exim
> could be using. Mailman is able to generate those automatically, and
> that should make the taint checking happy, as there won't be any unsafe
> variables left.


Getting a file out of Mailman to verify recipient names against would be ideal.
You want also to use a static list of possible affixes, rather than a wildcard.

Handling initial signups for a list, where you don't have a known name
to verify, seems like it could be an issue. Still, do a proper job
on all the possible other cases first, to reduce the attack surface,
*before* resorting to deliberately subverting Exim's attempts to
provide security.

These attempts are not perfect; there are ways of evading them.
But do not forget the log4j fracas.

> Looking athttps://bazaar.launchpad.net/~mailman-coders/mailman/2.1/files/head:/Mailman/MTA
> it seems you'd have to say that your MTA is Postfix.


:-(

--
Cheers,
Jeremy