On 2023-10-26 Thomas Andrews via Exim-users <exim-users@???> wrote:
> On 10/25/23 23:09, Jeremy Harris via Exim-users wrote:
[...]
> > For use in a command line for a pipe transport, you'll need de-tainted
> > versions of those. Which means full verification of both components
> > against a local source of trust.
> The destination address could be gjh@??? or anything - ie I have no
> way to de-taint it as it is not a local address. Therefore using $local_part
> and $domain is not an option. What are my other options? (By the way, it
> doesn't actually matter if the destination address is tainted in my case -
> the external program my_proggie will deal with that.)
Exim will refuse to invoke the external arguments with tainted
arguments.
Other options are to pass on the information by different means than a
commandline arguments, inline like using lmtp protocol.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/