[exim] Re: Run expansion with a tainted variable

Inizio della pagina
Delete this message
Reply to this message
Autore: Jeremy Harris
Data:  
To: exim-users
Oggetto: [exim] Re: Run expansion with a tainted variable
On 18/05/2024 19:49, Dominic Preston via Exim-users wrote:
> So it's not possible to run arbitrary shell commands by tainting a
> variable with `rm -fr /` unless, in this instance,
> spfquery.mail-spf-perl performed the operation itself as a result of
> the argument?
>


The docs say (in the string-expansions chapter, for ${run })
"The command name may not be tainted, but the remaining arguments can be".
--
Cheers,
Jeremy


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/