[exim] Re: Tainted filenames?

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Slavko
Fecha:  
A: exim-users
Asunto: [exim] Re: Tainted filenames?
Dňa 23. 8. o 0:55 Marco Gaiarin via Exim-users napísal(a):

> DKIM_DOMAIN = ${lc:${domain:$h_from:}}


The $h_from is untrusted, thus tainted, anything directly derived 
(expanded) from it will be tainted too and you need to detaint it.

To detaint filename, the ${if exists ...} is not enough and in this case 
is pointless, in your case you can simply use dsearch, something as:

     dkim_private_key = ${lookup{DKIM_DOMAIN-DKIM_SELECTOR-private.pem} \
                  dsearch,ret=full,filter=file {/etc/exim4/dkim/}}

It will search filename DKIM_DOMAIN-DKIM_SELECTOR-private.pem in 
directory /etc/exim4/dkim/ and return its full path (if exists) or empty 
string.

You can test that lookup expansion with -be command line option.

regards

-- 
Slavko
https://www.slavino.sk/


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/