Re: [exim] $dnslist_domain tainted

On 17/11/2022 19:10, Jeremy Harris via Exim-users wrote:
> On 17/11/2022 16:36, Martin Clayton via Exim-users wrote:
>> So, sorry to be a tainted dummy, but I'm still left wondering how to
>> deal with this.

> {exists{VHOST_DIR/$domain_data/VHOST_CONFIG_DIR/blacklists/${extract{1}{=!&/}{$item}{$value}{$item}}}}
>
> The filename there is built from a directory path which is not tainted,
> and a filename which is.  This is a standard pattern for detainting
> using a dsearch lookup
> [...] docs [...]
> So, use a ${lookup {tainted_thing} dsearch {untainted_path}   {found}
> {not_found}}.

Huge thanks for the direction and clarity. I'm sure I can now get the
new machine purring. I'm usually fairly good with docs and find exim4
particularly 'tight' (in a good way), sometimes, 'intense'. ;) Normally,
it's battling with syntax but this one feels more like policy and I lost
the way. 'Taint easy but one day I'll have a better grip on the
fundamentals and the blindingly obvious will be visible -- although, I
can see how that could go wrong :)

I'm looking at such a small part of exim, how you/team keep the whole
project together is simply amazing.

Thanks!