[exim] Fwd: Upon applying 4.96-1 on test, "Tainted arg 2" ap…

Top Page
Delete this message
Reply to this message
Author: Johnnie W Adams
Date:  
To: exim-users
Subject: [exim] Fwd: Upon applying 4.96-1 on test, "Tainted arg 2" appears
I believe I understand what I'm to do here--use LDAP to look up the
$local_part and return it, thus untainting it--but I'm finding the examples
in the documentation less than clear. Can someone point me elsewhere?

On Wed, Nov 8, 2023 at 8:44 AM Kurt Jaeger <exim-users@???> wrote:

> Hi!
>
> >      I applied 4.96-1 to our test systems and routing to the LISTSERVer
> > began to fail with "*Tainted arg 2* for listserv_transport transport
> > command:<name of LISTSERV>
> >
> >      The transport is quite simple:
> >
> > # Hand off to LISTSERV lsv_admin script
> >
> > listserv_transport:
> >
> >   driver = pipe
> >
> >   command = "/opt/lsoft/listserv/bin/lsv_amin /opt/lsoft/listserv/spool
> > $local_part"
> >
> >   return_output
> >
> >      What changed? And how do I fix it?
>
> Exim is now checking data from external sources much more rigerous
> and does not longer trust it. For the concept behind this:
>
>
> http://www.exim.org/exim-html-current/doc/html/spec_html/ch-concept_index.html
>
> Search in that index for the keyword 'de-tainting'.
>
> In your case: "$local_part" is tainted, and has to be changed
> so that it can be considered trustworthy.
>
> --
> pi@???            +49 171 3101372                    Now what ?
>



--
John Adams
Senior Linux/Middleware Administrator | Information Technology Services
+1-501-916-3010 | jxadams@??? | http://ualr.edu/itservices
*UA Little Rock*

Reminder: IT Services will never ask for your password over the phone or
in an email. Always be suspicious of requests for personal information that
come via email, even from known contacts. For more information or to
report suspicious email, visit IT Security
<http://ualr.edu/itservices/security/>.


--
John Adams
Senior Linux/Middleware Administrator | Information Technology Services
+1-501-916-3010 | jxadams@??? | http://ualr.edu/itservices
*UA Little Rock*

Reminder: IT Services will never ask for your password over the phone or
in an email. Always be suspicious of requests for personal information that
come via email, even from known contacts. For more information or to
report suspicious email, visit IT Security
<http://ualr.edu/itservices/security/>.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/