[exim] Re: Run expansion with a tainted variable

Inizio della pagina
Delete this message
Reply to this message
Autore: Dominic Preston
Data:  
To: exim-users
Oggetto: [exim] Re: Run expansion with a tainted variable
On Sat, 18 May 2024 at 18:20, Jeremy Harris via Exim-users
<exim-users@???> wrote:
> We don't know what your external program is going to do,
> even with respect to its arguments. So we cannot answer on safety.
>
> From 4.97 onwards, tainted args are allowed in ${run } commands.
> You didn't say what you are running.


I'm running Exim 4.97.

So it's not possible to run arbitrary shell commands by tainting a
variable with `rm -fr /` unless, in this instance,
spfquery.mail-spf-perl performed the operation itself as a result of
the argument?

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/