Mailing List Archive

${dlfunc
I need a little more control over string expansion failure than ${readsock
can provide, however I don't want the weight of Perl or ${run. In
particular it's awkward to get a non-forced expansion failure out of
${readsock, which is needed for sensible error handling with options like
errors_to. This patch implements a ${dlfunc string expansion hook for C
programmers. Flames and/or adulation welcome.

Tony.
--
<fanf@exim.org> <dot@dotat.at> http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}
Re: ${dlfunc
On Fri, 18 Feb 2005, Tony Finch wrote:

> I need a little more control over string expansion failure than ${readsock
> can provide, however I don't want the weight of Perl or ${run. In
> particular it's awkward to get a non-forced expansion failure out of
> ${readsock, which is needed for sensible error handling with options like
> errors_to. This patch implements a ${dlfunc string expansion hook for C
> programmers. Flames and/or adulation welcome.

I need (if I ever get time) to get up to speed on dynamically loading
things. My (unexpert) worry is the danger of loading the wrong thing and
thereby causing a security problem. This is not an issue on hosts where
there are no user login accounts, of course. Is this just a matter of
suitable documentation?

--
Philip Hazel University of Cambridge Computing Service,
ph10@cus.cam.ac.uk Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book: http://www.uit.co.uk/exim-book
Re: ${dlfunc
On Mon, 21 Feb 2005, Philip Hazel wrote:
>
> I need (if I ever get time) to get up to speed on dynamically loading
> things.

Things are rather simpler from the porting point of view than they were a
few years ago, because the dlopen() API has become a de facto standard
(even on non-ELF systems).

> My (unexpert) worry is the danger of loading the wrong thing and
> thereby causing a security problem. This is not an issue on hosts where
> there are no user login accounts, of course. Is this just a matter of
> suitable documentation?

I've added a forbid_filter_dlfunc option, which should probably also be
mentioned alongside the compile-time EXPAND_DLFUNC option to warn
sysadmins that they may want to adjust their configuration file when
compiling in the feature.

An alternative design which might be safer (if forbid_filter_dlfunc is
accidentally omitted) would be to have a global dynamically_loaded_objects
option which specifies which files to load, and have ${dlfunc only specify
the function name. I decided that lazy loading of dynamic code and
function searching would be easier to implement if the file and function
were specified together.

${perl and ${run have similar security concerns.

Tony.
--
<fanf@exim.org> <dot@dotat.at> http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}
Re: ${dlfunc
On Tue, 2005-02-22 at 13:20 +0000, Tony Finch wrote:
>An alternative design which might be safer (if forbid_filter_dlfunc is
>accidentally omitted) would be to have a global dynamically_loaded_objects
>option which specifies which files to load, and have ${dlfunc only specify
>the function name. I decided that lazy loading of dynamic code and
>function searching would be easier to implement if the file and function
>were specified together.

Could you do this with lookups instead of a special string expansion?

I'd like to see lookups put into shared libraries and configured
optionally from the config file -- then whatever it is you're using with
${dlfunc could be turned into another lookup.

--
dwmw2
Re: ${dlfunc
On Tue, 22 Feb 2005, Tony Finch wrote:

> ${perl and ${run have similar security concerns.

Sure. I'm not saying I don't want it. I just want to *understand* it
properly so that the concerns can be (hopefully clearly) documented.

--
Philip Hazel University of Cambridge Computing Service,
ph10@cus.cam.ac.uk Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book: http://www.uit.co.uk/exim-book
Re: ${dlfunc
On Tue, 22 Feb 2005, David Woodhouse wrote:
>
> Could you do this with lookups instead of a special string expansion?

Yes, I suppose so, though the adaptation layer would be a bit more heavy
and inflexible until ${lookup is made modular at run-time. The purpose I
have in mind fits the ${perl model slightly better than the ${lookup
model, though perhaps a ${lookup perl{...} } would also be part of your
plans for the future :-)

Tony.
--
<fanf@exim.org> <dot@dotat.at> http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}
Re: ${dlfunc
On Tue, 2005-02-22 at 14:37 +0000, Tony Finch wrote:
>Yes, I suppose so, though the adaptation layer would be a bit more heavy
>and inflexible until ${lookup is made modular at run-time.

Making ${lookup modular is mostly just a case of turning lookup_list[]
into a linked list instead of a static array, and having a way of adding
to it at runtime by dlopening something with the new lookup type in.

--
dwmw2