[exim] Re: Fwd: Upon applying 4.96-1 on test, "Tainted arg 2…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Johnnie W Adams
Date:  
À: Oleksandr Kryvulia
CC: exim-users
Sujet: [exim] Re: Fwd: Upon applying 4.96-1 on test, "Tainted arg 2" appears
No luck:

2023-11-09 12:14:40 1r17tu-000X39-23 == *johnnie*
s-test-list-2@??? R=listserv T=listserv_transport defer (0)
DT=0s: Expansion of "${lookup ldap{ldap://
ldap.test.ualr.edu/ou=Lists,ou=Local,o=test.ualr.edu,dc=mail,dc=test,dc=ualr,dc=edu?cn?(mail=${quote_ldap:$local_part@$domain})}fail}"
from command "/opt/lsoft/listserv/bin/lsv_amin /opt/lsoft/listserv/spool
"${lookup ldap{ldap://
ldap.test.ualr.edu/ou=Lists,ou=Local,o=test.ualr.edu,dc=mail,dc=test,dc=ualr,dc=edu?cn?(mail=${quote_ldap:$local_part@$domain})}fail}""
in listserv_transport transport failed: lookup of "ldap://
ldap.test.ualr.edu/ou=Lists,ou=Local,o=test.ualr.edu,dc=mail,dc=test,dc=ualr,dc=edu?cn?(mail=
*johnnie*s-test-list-2%40lists.test.ualr.edu)" gave DEFER: ldap_url_parse:
(error 8) parsing "ldap://
ldap.test.ualr.edu/ou=Lists,ou=Local,o=test.ualr.edu,dc=mail,dc=test,dc=ualr,dc=edu?cn?(mail=
*johnnie*s-test-list-2%40lists.test.ualr.edu)"\n

On Thu, Nov 9, 2023 at 12:13 PM Oleksandr Kryvulia via Exim-users <
exim-users@???> wrote:

> Try to use quotes around the lookup:
>
> command = /opt/lsoft/listserv/bin/lsv_amin /opt/lsoft/listserv/spool
> "${lookup
> ldap{ldap://
> ldap.test.ualr.edu/ou=Lists,ou=Local,o=test.ualr.edu,dc=mail,dc=test,dc=ualr,dc=edu?cn(mail=${quote_ldap:$local_part@$domain})}fail
> <http://ldap.test.ualr.edu/ou=Lists,ou=Local,o=test.ualr.edu,dc=mail,dc=test,dc=ualr,dc=edu?cn(mail=$%7Bquote_ldap:$local_part@$domain%7D)%7Dfail>
> }"
>
> 09.11.23 18:29, Johnnie W Adams via Exim-users:
> > Thanks! That's got me almost there. This works when I test with exim -be,
> > but in exim.conf, it fails with missing lookup type:
> >
> > command = "/opt/lsoft/listserv/bin/lsv_amin /opt/lsoft/listserv/spool
> > ${lookup ldap{ldap://
> >
> ldap.test.ualr.edu/ou=Lists,ou=Local,o=test.ualr.edu,dc=mail,dc=test,dc=ualr,dc=edu?cn?(mail=${quote_ldap:$local_part@$domain})}fail
> <http://ldap.test.ualr.edu/ou=Lists,ou=Local,o=test.ualr.edu,dc=mail,dc=test,dc=ualr,dc=edu?cn?(mail=$%7Bquote_ldap:$local_part@$domain%7D)%7Dfail>
> > }"
> >
> >
> >
> > On Thu, Nov 9, 2023 at 5:50 AM Oleksandr Kryvulia via Exim-users <
> > exim-users@???> wrote:
> >
> >> Use in transport same lookup as in a router:
> >>
> >>     driver = pipe
> >>     command = "/opt/lsoft/listserv/bin/lsv_amin
> /opt/lsoft/listserv/spool
> >> ${lookup ldap{...}{$value}fail}"
> >>
> >> 08.11.23 22:11, Johnnie W Adams via Exim-users:
> >>> I believe I understand what I'm to do here--use LDAP to look up the
> >>> $local_part and return it, thus untainting it--but I'm finding the
> >> examples
> >>> in the documentation less than clear. Can someone point me elsewhere?
> >>>
> >>> On Wed, Nov 8, 2023 at 8:44 AM Kurt Jaeger <exim-users@???>
> wrote:
> >>>
> >>>> Hi!
> >>>>
> >>>>>        I applied 4.96-1 to our test systems and routing to the
> >> LISTSERVer
> >>>>> began to fail with "*Tainted arg 2* for listserv_transport transport
> >>>>> command:<name of LISTSERV>
> >>>>>
> >>>>>        The transport is quite simple:
> >>>>>
> >>>>> # Hand off to LISTSERV lsv_admin script
> >>>>>
> >>>>> listserv_transport:
> >>>>>
> >>>>>     driver = pipe
> >>>>>
> >>>>>     command = "/opt/lsoft/listserv/bin/lsv_amin
> >> /opt/lsoft/listserv/spool
> >>>>> $local_part"
> >>>>>
> >>>>>     return_output
> >>>>>
> >>>>>        What changed? And how do I fix it?
> >>>> Exim is now checking data from external sources much more rigerous
> >>>> and does not longer trust it. For the concept behind this:
> >>>>
> >>>>
> >>>>
> >>
> http://www.exim.org/exim-html-current/doc/html/spec_html/ch-concept_index.html
> >>>> Search in that index for the keyword 'de-tainting'.
> >>>>
> >>>> In your case: "$local_part" is tainted, and has to be changed
> >>>> so that it can be considered trustworthy.
> >>>>
> >>>> --
> >>>> pi@???            +49 171 3101372                    Now what ?
> >>>>
> >>
> >> --
> >> ## subscription configuration (requires account):
> >> ##
> >>
> https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
> >> ## unsubscribe (doesn't require an account):
> >> ##   exim-users-unsubscribe@???
> >> ## Exim details at http://www.exim.org/
> >> ## Please use the Wiki with this list - http://wiki.exim.org/
> >>
> >
>
>
> --
> ## subscription configuration (requires account):
> ##
> https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
> ## unsubscribe (doesn't require an account):
> ##   exim-users-unsubscribe@???
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>



--
John Adams
Senior Linux/Middleware Administrator | Information Technology Services
+1-501-916-3010 | jxadams@??? | http://ualr.edu/itservices
*UA Little Rock*

Reminder: IT Services will never ask for your password over the phone or
in an email. Always be suspicious of requests for personal information that
come via email, even from known contacts. For more information or to
report suspicious email, visit IT Security
<http://ualr.edu/itservices/security/>.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/