[exim] Run expansion with a tainted variable

Inizio della pagina
Questo messaggio è parte di questo thread:
Mil thread completo ordinato per data
M 
MJeremy Harris at ->
Delete this message
Reply to this message
Autore: Dominic Preston
Data:  
To: exim-users
Oggetto: [exim] Run expansion with a tainted variable
Hello,

I have a run expansion using a tainted variable: 

condition = ${run{/usr/bin/spfquery.mail-spf-perl \
               --ip $sender_host_address \
               --scope mfrom \
               --identity $sender_address} \
               {no}{${if eq {$runrc}{1}{yes}{no}}}}


Is this usage of $sender_address safe? And if not, what would I do to
make it safe?

Thanks,
Dominic.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Questo messaggio è stato inviato alle seguenti mailing lists:
Exim-users
Informazioni sulla Mailing List | Messaggi correlati		<-[exim] Re: Blowfish auth[exim] Re: Blowfish auth->
Tahini and Hummus and Cumin Development Archives amministrato da cumin AdminsLurker (versione 2.3)