[exim] Re: Fwd: Upon applying 4.96-1 on test, "Tainted arg 2…

Top Page
Delete this message
Reply to this message
Author: Oleksandr Kryvulia
Date:  
To: exim-users
Subject: [exim] Re: Fwd: Upon applying 4.96-1 on test, "Tainted arg 2" appears
Use in transport same lookup as in a router:

  driver = pipe
  command = "/opt/lsoft/listserv/bin/lsv_amin /opt/lsoft/listserv/spool
${lookup ldap{...}{$value}fail}"

08.11.23 22:11, Johnnie W Adams via Exim-users:
> I believe I understand what I'm to do here--use LDAP to look up the
> $local_part and return it, thus untainting it--but I'm finding the examples
> in the documentation less than clear. Can someone point me elsewhere?
>
> On Wed, Nov 8, 2023 at 8:44 AM Kurt Jaeger <exim-users@???> wrote:
>
>> Hi!
>>
>>>       I applied 4.96-1 to our test systems and routing to the LISTSERVer
>>> began to fail with "*Tainted arg 2* for listserv_transport transport
>>> command:<name of LISTSERV>
>>>
>>>       The transport is quite simple:
>>>
>>> # Hand off to LISTSERV lsv_admin script
>>>
>>> listserv_transport:
>>>
>>>    driver = pipe
>>>
>>>    command = "/opt/lsoft/listserv/bin/lsv_amin /opt/lsoft/listserv/spool
>>> $local_part"
>>>
>>>    return_output
>>>
>>>       What changed? And how do I fix it?
>> Exim is now checking data from external sources much more rigerous
>> and does not longer trust it. For the concept behind this:
>>
>>
>> http://www.exim.org/exim-html-current/doc/html/spec_html/ch-concept_index.html
>>
>> Search in that index for the keyword 'de-tainting'.
>>
>> In your case: "$local_part" is tainted, and has to be changed
>> so that it can be considered trustworthy.
>>
>> --
>> pi@???            +49 171 3101372                    Now what ?
>>
>



--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/