Mailing List Archive

Exim 4.94 Taint issues
Trying Exim 4.94 and I am getting


2020-07-17 19:28:04.818 [8344] 1jwbdQ-00023D-Cx == doctor@nk.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or directory name for local_delivery transport) not permitted
2020-07-17 19:28:05.074 [8355] 1jwbcO-0001zD-9p == doctor@doctor.nl2k.ab.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or directory name for local_delivery transport) not permitted
2020-07-17 19:28:05.081 [8357] 1jwbdm-00026Z-H4 == doctor@doctor.nl2k.ab.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or directory name for local_delivery transport) not permitted
2020-07-17 19:28:08.197 [8458] 1jwbd9-00022l-JD == doctor@doctor.nl2k.ab.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or directory name for local_delivery transport) not permitted
2020-07-17 19:28:09.012 [8483] 1jwbX9-000P9k-BE == gawlaan@mail.nl2k.ab.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/gawlaan' (file or directory name for local_delivery transport) not permitted
2020-07-17 19:29:22.009 [8706] 1jwbdQ-00023D-Cx == doctor@nk.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or directory name for local_delivery transport) not permitted
2020-07-17 19:29:22.299 [8713] 1jwbdm-00026Z-H4 == doctor@doctor.nl2k.ab.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or directory name for local_delivery transport) not permitted
2020-07-17 19:29:25.348 [8784] 1jwbdC-00022w-B2 == doctor@doctor.nl2k.ab.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or directory name for local_delivery transport) not permitted
2020-07-17 19:29:26.146 [8801] 1jwbX9-000P9k-BE == gawlaan@mail.nl2k.ab.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/gawlaan' (file or directory name for local_delivery transport) not permitted
2020-07-17 19:29:26.389 [8808] 1jwbe1-000270-U8 == doctor@doctor.nl2k.ab.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or directory name for local_delivery transport) not permitted
2020-07-17 19:29:26.881 [8823] 1jwbcO-0001zA-0W == doctor@doctor.nl2k.ab.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or directory name for local_delivery transport) not permitted
2020-07-17 19:29:27.373 [8838] 1jwbd9-00022l-JD == doctor@doctor.nl2k.ab.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or directory name for local_delivery transport) not permitted
2020-07-17 19:29:28.193 [8872] 1jwbcO-0001zD-9p == doctor@doctor.nl2k.ab.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or directory name for local_delivery transport) not permitted
2020-07-17 19:30:05.419 [9189] 1jwbdC-00022w-B2 == doctor@doctor.nl2k.ab.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or directory name for local_delivery transport) not permitted
2020-07-17 19:30:06.158 [9327] 1jwbX9-000P9k-BE == gawlaan@mail.nl2k.ab.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/gawlaan' (file or directory name for local_delivery transport) not permitted
2020-07-17 19:30:06.403 [9405] 1jwbe1-000270-U8 == doctor@doctor.nl2k.ab.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or directory name for local_delivery transport) not permitted
2020-07-17 19:30:07.325 [9434] 1jwbcO-0001zA-0W == doctor@doctor.nl2k.ab.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or directory name for local_delivery transport) not permitted
2020-07-17 19:30:07.745 [9454] 1jwbd9-00022l-JD == doctor@doctor.nl2k.ab.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or directory name for local_delivery transport) not permitted
2020-07-17 19:30:09.145 [9601] 1jwbdm-00026Z-H4 == doctor@doctor.nl2k.ab.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or directory name for local_delivery transport) not permitted
2020-07-17 19:30:09.151 [9603] 1jwbcO-0001zD-9p == doctor@doctor.nl2k.ab.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or directory name for local_delivery transport) not permitted
2020-07-17 19:30:09.228 [9608] 1jwbdQ-00023D-Cx == doctor@nk.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or directory name for local_delivery transport) not permitted

Why is this happening?

--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
https://www.empire.kred/ROOTNK?t=94a1f39b
Slight not what's near, while aiming at what's far. -Euripides

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Exim 4.94 Taint issues [ In reply to ]
On 2020-07-18 The Doctor via freebsd-ports <freebsd-ports@freebsd.org> wrote:
> Trying Exim 4.94 and I am getting


> 2020-07-17 19:28:04.818 [8344] 1jwbdQ-00023D-Cx == doctor@nk.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or directory name for local_delivery transport) not permitted

Exim specification, concept index, de-tainting.

cu Andreas

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Exim 4.94 Taint issues [ In reply to ]
On 2020-07-18 The Doctor via freebsd-ports <freebsd-ports@freebsd.org> wrote:

> Trying Exim 4.94 and I am getting
>
> 2020-07-17 19:28:04.818 [8344] 1jwbdQ-00023D-Cx == doctor@nk.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or directory name for local_delivery transport) not permitted
...
> 2020-07-17 19:30:09.228 [9608] 1jwbdQ-00023D-Cx == doctor@nk.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or directory name for local_delivery transport) not permitted
>
> Why is this happening?

You are not alone :-)

4.94 introduced more rigorous checking of expanded strings. Any strings
that could potentially be supplied by a remote user e.g. $local_part have
been classed as tainted. This means that they are not to be trusted to
be used directly for things like file name expansion or database lookups.
The log entries you are seeing are informing you that your lookups need
a bit of sanitizing. Generally you can use the tainted data but you
need to clean it before you use it e.g. quote it or use it to derive
another variable.

It's a bit more onerous but this is the price we have to pay for enhanced
security in exim.

Personally, I understand why the devs did this, it is a useful and
worthwhile upgrade to exim, where I think they went wrong is that they
didn't really handle the release of it quite well in the announcement
and even pre-annnouncement. Something along the lines of "We're
going to add strict de-tainting to exim 4.94 which will break a lot
of configurations so please be ready to re-factor your configurations
during the upgrade" would have been useful. If it was made plain,
A LOT of users (me included) missed it so it could be argued that it
wasn't made plain enough....

The RTFM reply you got was not useful either. There should be a section
in the manual purely about de-tainting, its reasoning, possible side
effects and mitigations. As it currently is, anybody wanting information
on what's going on has to trawl through the manual and make inferences
from what they find.

In short, the devs haven't covered themselves with glory with this
upgrade - IMHO.

Regards,




D
lists/exim/users/2020-07-18.tx exim-users
+----------------------------------------------------------------------------+
| Dave Restall, Computer Anorak, Geek, Cyclist, Radio Amateur G4FCU, Bodger |
| Mob +44 (0) 7973 831245 Skype: dave.restall Radio: G4FCU |
| email : dave@restall.net - Anti-SocialMediaist - Web : Not Ready Yet :-( |
+- QOTD ---------------------------------------------------------------------+
| Reappraisal, n.: |
| An abrupt change of mind after being found out. |
+----------------------------------------------------------------------------+


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Exim 4.94 Taint issues [ In reply to ]
On 18/07/2020 02:22, Andreas Metzler via Exim-users wrote:
> On 2020-07-18 The Doctor via freebsd-ports <freebsd-ports@freebsd.org> wrote:
>> Trying Exim 4.94 and I am getting
>
>> 2020-07-17 19:28:04.818 [8344] 1jwbdQ-00023D-Cx == doctor@nk.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or directory name for local_delivery transport) not permitted
> Exim specification, concept index, de-tainting.
>
> cu Andreas
>
Except that there isn't such a section.

There's "tainted data" and inside it "de-tainting". Easily found by word
search, but not by manual search under "D".

But finding what you mean is not the problem. The problem is that there
isn't a section of the manual devoted to this concept of tainted data
and untaiting it. The links under the concepts above lead to general
sections about expansions and lookups, that talk about a lot of things,
and the references to tainting are generally cryptic mentions of "cannot
be used on tainted data" or "the return is not tainted".

There really needs to be a section devoted to tainted strings (what they
are, which data is tainted, etc) and how to de-taint them, preferably
with examples of common use cases.

From what I can remember, even the Release notes had only brief mentions
of this new feature, which is a major breaking change. I appreciate the
effort the development team has put in Exim over the years, and I know
that writing documentation is hard and time-consuming. But this needed
to be better documented from the start.


--
The only way to amuse some people is to slip and fall on an icy pavement.

Eduardo M KALINOWSKI
eduardo@kalinowski.com.br


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Exim 4.94 Taint issues [ In reply to ]
On 2020-07-18 05:22, Andreas Metzler wrote:
> On 2020-07-18 The Doctor via freebsd-ports <freebsd-ports@???> wrote:
> > Trying Exim 4.94 and I am getting
>
>
> > 2020-07-17 19:28:04.818 [8344] 1jwbdQ-00023D-Cx == doctor@??? R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or directory name for local_delivery transport) not permitted
>
> Exim specification, concept index, de-tainting.
>

This answer has been posted several times here and it's not so useful IMHO. I think you're referring to this information: https://www.exim.org/exim-html-current/doc/html/spec_html/ch-string_expansions.html

Please put yourself in the position of the administrator. He may have been using exim with his configuration for years - in my case it was over four years - and suddenly the configuration is broken in several ways. Just because of a minor version update.

Now you can find information like https://git.exim.org/exim.git/blob/HEAD:/src/README.UPDATING and this is incomplete. The change doesn't only break transports, routers are also affected. This tainted thing affects many parts of the configuration and to my option there is only a very rough explanation of the concept of de-tainting.

Most administrators would just need a few (!) practical examples of how de-tainting works, i.e. a before / after version of the configuration. I would write it if I could, but I don't have the knowledge.

I've posted three examples here that work with exim < 4.94, but not with exim >= 4.94 anymore. Unfortunately there were problems with the copy & paste, so the configuration was broken. Here is a corrected version:

Routers
========
local_delivery:
driver = appendfile
directory = /home/${local_part}/.maildir

virtual_aliases:
driver = redirect
domains = lsearch; /etc/exim/virtual_domains
data = ${lookup{$local_part}lsearch{/etc/exim/$domain/aliases}}
no_more

Transport
=========
procmail:
driver = pipe
command = "/usr/bin/procmail -d $local_part"
return_path_add
delivery_date_add
envelope_to_add
user = $local_part
initgroups
return_output

Or take this example: https://lists.exim.org/lurker/message/20200626.075008.113d07ad.en.html

I strongly believe it would be very helpful, if the developers would rewrite some of these configurations and publish it in the documentation.

I think a lot of people are currently faced to problems because of this change and I guess a lot of them just downgraded exim (for example: https://forum.vestacp.com/viewtopic.php?f=12&t=19994) because this is nothing you can repair in a hour or so.

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Exim 4.94 Taint issues [ In reply to ]
> On 2020-07-18 05:22, Andreas Metzler wrote:
[...]
> I strongly believe it would be very helpful, if the developers would rewrite some of these configurations and publish it in the documentation.

If any of you can provide a patch to the docs, that would help the
very busy developers in a big way!

--
pi@opsec.eu +49 171 3101372 Now what ?

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Exim 4.94 Taint issues [ In reply to ]
On Sat, Jul 18, 2020 at 10:25:52AM +0100, Dave Restall - System Administrator, , , via Exim-users wrote:
>
> On 2020-07-18 The Doctor via freebsd-ports <freebsd-ports@freebsd.org> wrote:
>
> > Trying Exim 4.94 and I am getting
> >
> > 2020-07-17 19:28:04.818 [8344] 1jwbdQ-00023D-Cx == doctor@nk.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or directory name for local_delivery transport) not permitted
> ...
> > 2020-07-17 19:30:09.228 [9608] 1jwbdQ-00023D-Cx == doctor@nk.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or directory name for local_delivery transport) not permitted
> >
> > Why is this happening?
>
> You are not alone :-)
>
> 4.94 introduced more rigorous checking of expanded strings. Any strings
> that could potentially be supplied by a remote user e.g. $local_part have
> been classed as tainted. This means that they are not to be trusted to
> be used directly for things like file name expansion or database lookups.
> The log entries you are seeing are informing you that your lookups need
> a bit of sanitizing. Generally you can use the tainted data but you
> need to clean it before you use it e.g. quote it or use it to derive
> another variable.
>
> It's a bit more onerous but this is the price we have to pay for enhanced
> security in exim.
>
> Personally, I understand why the devs did this, it is a useful and
> worthwhile upgrade to exim, where I think they went wrong is that they
> didn't really handle the release of it quite well in the announcement
> and even pre-annnouncement. Something along the lines of "We're
> going to add strict de-tainting to exim 4.94 which will break a lot
> of configurations so please be ready to re-factor your configurations
> during the upgrade" would have been useful. If it was made plain,
> A LOT of users (me included) missed it so it could be argued that it
> wasn't made plain enough....
>
> The RTFM reply you got was not useful either. There should be a section
> in the manual purely about de-tainting, its reasoning, possible side
> effects and mitigations. As it currently is, anybody wanting information
> on what's going on has to trawl through the manual and make inferences
> from what they find.
>
> In short, the devs haven't covered themselves with glory with this
> upgrade - IMHO.
>
> Regards,
>
>
If this the fact that the mail directory is set to chmod 1777 ?


>
>
> D
> lists/exim/users/2020-07-18.tx exim-users
> +----------------------------------------------------------------------------+
> | Dave Restall, Computer Anorak, Geek, Cyclist, Radio Amateur G4FCU, Bodger |
> | Mob +44 (0) 7973 831245 Skype: dave.restall Radio: G4FCU |
> | email : dave@restall.net - Anti-SocialMediaist - Web : Not Ready Yet :-( |
> +- QOTD ---------------------------------------------------------------------+
> | Reappraisal, n.: |
> | An abrupt change of mind after being found out. |
> +----------------------------------------------------------------------------+
>
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/

--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
https://www.empire.kred/ROOTNK?t=94a1f39b
Slight not what's near, while aiming at what's far. -Euripides

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Exim 4.94 Taint issues [ In reply to ]
Also another thing is that there should be some way to "quote" a local part
so its detainted, WITHOUT having to know beforehand which local parts is
valid.

One example is this:

sms_transmit:
driver = accept
domains = +local_domains
local_parts = ^\\d\\d+\$
transport = sms_transport
no_more

sms_transport:
debug_print = "T: Sending SMS to $local_part"
driver = pipe
command = /usr/sbin/smsbot $local_part
return_output = true
user = asterisk

this calls a script, that are run as the "asterisk" user, which initiates a
SMS sending via Asterisk SIP Server.

And here the prequistes are pretty clear - ONLY local parts, which only
contain digits, that contain 2 or more digits are valid.
Theres no way an attacker can use this to "break free" and inject commands
into the smsbot delivery agent.


-----Ursprungligt meddelande-----
Fr?n: Alexander Hoff via Exim-users <exim-users@exim.org>
Skickat: den 18 juli 2020 14:18
Till: Exim-users <Exim-users@exim.org>
?mne: Re: [exim] Exim 4.94 Taint issues

On 2020-07-18 05:22, Andreas Metzler wrote:
> On 2020-07-18 The Doctor via freebsd-ports <freebsd-ports@???> wrote:
> > Trying Exim 4.94 and I am getting
>
>
> > 2020-07-17 19:28:04.818 [8344] 1jwbdQ-00023D-Cx == doctor@???
R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted
'/var/mail/doctor' (file or directory name for local_delivery transport) not
permitted
>
> Exim specification, concept index, de-tainting.
>

This answer has been posted several times here and it's not so useful IMHO.
I think you're referring to this information:
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-string_expansio
ns.html

Please put yourself in the position of the administrator. He may have been
using exim with his configuration for years - in my case it was over four
years - and suddenly the configuration is broken in several ways. Just
because of a minor version update.

Now you can find information like
https://git.exim.org/exim.git/blob/HEAD:/src/README.UPDATING and this is
incomplete. The change doesn't only break transports, routers are also
affected. This tainted thing affects many parts of the configuration and to
my option there is only a very rough explanation of the concept of
de-tainting.

Most administrators would just need a few (!) practical examples of how
de-tainting works, i.e. a before / after version of the configuration. I
would write it if I could, but I don't have the knowledge.

I've posted three examples here that work with exim < 4.94, but not with
exim >= 4.94 anymore. Unfortunately there were problems with the copy &
paste, so the configuration was broken. Here is a corrected version:

Routers
========
local_delivery:
driver = appendfile
directory = /home/${local_part}/.maildir

virtual_aliases:
driver = redirect
domains = lsearch; /etc/exim/virtual_domains
data = ${lookup{$local_part}lsearch{/etc/exim/$domain/aliases}}
no_more

Transport
=========
procmail:
driver = pipe
command = "/usr/bin/procmail -d $local_part"
return_path_add
delivery_date_add
envelope_to_add
user = $local_part
initgroups
return_output

Or take this example:
https://lists.exim.org/lurker/message/20200626.075008.113d07ad.en.html

I strongly believe it would be very helpful, if the developers would rewrite
some of these configurations and publish it in the documentation.

I think a lot of people are currently faced to problems because of this
change and I guess a lot of them just downgraded exim (for example:
https://forum.vestacp.com/viewtopic.php?f=12&t=19994) because this is
nothing you can repair in a hour or so.

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Exim 4.94 Taint issues [ In reply to ]
On Fri, 17 Jul 2020, The Doctor via Exim-users wrote:

> Trying Exim 4.94 and I am getting
>
>
> 2020-07-17 19:28:04.818 [8344] 1jwbdQ-00023D-Cx == doctor@nk.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or directory name for local_delivery transport) not permitted
> 2020-07-17 19:28:05.074 [8355] 1jwbcO-0001zD-9p == doctor@doctor.nl2k.ab.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or directory name for local_delivery transport) not permitted
> 2020-07-17 19:28:05.081 [8357] 1jwbdm-00026Z-H4 == doctor@doctor.nl2k.ab.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or directory name for local_delivery transport) not permitted
> 2020-07-17 19:28:08.197 [8458] 1jwbd9-00022l-JD == doctor@doctor.nl2k.ab.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or directory name for local_delivery transport) not permitted
> 2020-07-17 19:28:09.012 [8483] 1jwbX9-000P9k-BE == gawlaan@mail.nl2k.ab.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/gawlaan' (file or directory name for local_delivery transport) not permitted
... ...
> Why is this happening?

and later:

> If this the fact that the mail directory is set to chmod 1777 ?

I worry about any directory that is world-writable,
but that is probably not the cause of *this* problem.

Without seeing *at least* the local_delivery section of your config
it is hard to say what needs changing, but possibly you need to change
file = /var/mail/$local_part
to
file = /var/mail/$local_part_data

--
Andrew C. Aitchison Kendal, UK
andrew@aitchison.me.uk

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Exim 4.94 Taint issues [ In reply to ]
Hi,

This time with a better formed subject line :-(

On Sat, 18 Jul 2020 14:12:52 +0100 The Doctor did write :

Snip...

> > On 2020-07-18 The Doctor via freebsd-ports <freebsd-ports@freebsd.org> wrote:
> >
> > > Trying Exim 4.94 and I am getting
> > >
> > > 2020-07-17 19:28:04.818 [8344] 1jwbdQ-00023D-Cx == doctor@nk.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or directory name for local_delivery transport) not permitted
> > ...
> > > 2020-07-17 19:30:09.228 [9608] 1jwbdQ-00023D-Cx == doctor@nk.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or directory name for local_delivery transport) not permitted
> > >
> > > Why is this happening?
> >
> >
> If this the fact that the mail directory is set to chmod 1777 ?

Unlikely :-) 1777 is fairly common :-) and I bet it was working fine
before upgrading 4.94. Without looking at your configuration, I'd take
a guess that in your transports section, there will be a local_delivery
transport and it will include a line something like :-

file = /var/mail/$local_part

You will need to somehow de-taint $local_part. I'm not too sure of the
best way to that, I haven't looked too hard at the problem - I saw the
alarms on the list about 4.94 so put back my upgrade until I could devote
the time required to sort it out. I know it's going to be painful for
me because I am doing a lot of things that are broken by de-tainting.
I'm sure somebody will give you a couple of answers, YMMV of course :-)

De-tainting breaks a lot of things and probably merits a step point
release in exim, e.g. going to 4.1.0 rather than incrementing on the
current trunk.

Regards,




D
lists/exim/users/2020-07-18.2.tx exim-users
+----------------------------------------------------------------------------+
| Dave Restall, Computer Anorak, Geek, Cyclist, Radio Amateur G4FCU, Bodger |
| Mob +44 (0) 7973 831245 Skype: dave.restall Radio: G4FCU |
| email : dave@restall.net - Anti-SocialMediaist - Web : Not Ready Yet :-( |
+- QOTD ---------------------------------------------------------------------+
| No stopping or standing. |
+----------------------------------------------------------------------------+



--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Exim 4.94 Taint issues [ In reply to ]
On 2020-07-18 Eduardo M KALINOWSKI via Exim-users <exim-users@exim.org> wrote:
> On 18/07/2020 02:22, Andreas Metzler via Exim-users wrote:
[...]
> > Exim specification, concept index, de-tainting.

> Except that there isn't such a section.

> There's "tainted data" and inside it "de-tainting". Easily found by word
> search, but not by manual search under "D".

Hello,

I had doublechecked that what I refered to does exist before I sent my
response.
ametzler@argenau:~$ w3m -dump 'https://www.exim.org/exim-html-current/doc/html/spec_html/ch-concept_index.html' | grep -A6 de-tainting
de-tainting

File and database lookups [Examples of different lookup syntax], File
and database lookups [Lookup types], Domain, host, address, and local
part lists [Domain lists], Domain, host, address, and local part lists
[Domain lists], Domain, host, address, and local part lists [Domain
lists]

[...]
> From what I can remember, even the Release notes had only brief mentions
> of this new feature, which is a major breaking change.

There is a pretty fat note in README.UPDATING:
Exim version 4.94
-----------------

| Some Transports now refuse to use tainted data in constructing their
| delivery location; this WILL BREAK configurations which are not updated
| accordingly. In particular: any Transport use of $local_part which has
| been relying upon check_local_user far away in the Router to make it
| safe, should be updated to replace $local_part with $local_part_data.


> I appreciate the
> effort the development team has put in Exim over the years, and I know
> that writing documentation is hard and time-consuming. But this needed
> to be better documented from the start.

While I agree this is true documention grows with the code, IMHO best
practises are still emerging and we might still see a big hammer like
quote-maximum-lenght-no-evil-characters-including-directory-separators

cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/