Mailing List Archive

Subject: Re: [exim] Exim 4.94 Taint issues
Hi,

On Sat, 18 Jul 2020 14:12:52 +0100 The Doctor did write :

Snip...

> > On 2020-07-18 The Doctor via freebsd-ports <freebsd-ports@freebsd.org> wrote:
> >
> > > Trying Exim 4.94 and I am getting
> > >
> > > 2020-07-17 19:28:04.818 [8344] 1jwbdQ-00023D-Cx == doctor@nk.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or directory name for local_delivery transport) not permitted
> > ...
> > > 2020-07-17 19:30:09.228 [9608] 1jwbdQ-00023D-Cx == doctor@nk.ca R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or directory name for local_delivery transport) not permitted
> > >
> > > Why is this happening?
> >
> >
> Is this the fact that the mail directory is set to chmod 1777 ?

Unlikely :-) 1777 is fairly common :-) and I bet it was working fine
before upgrading to 4.94. Without looking at your configuration, I'd take
a guess that in your transports section, there will be a local_delivery
transport and it will include a line something like :-

file = /var/mail/$local_part

You will need to somehow de-taint $local_part. I'm not too sure of the
best way to do that, I haven't looked too hard at the problem - I saw the
alarms on the list about 4.94 so put back my upgrade until I could devote
the time required to sort it out. I know it's going to be painful for
me because I am doing a lot of things that are broken by de-tainting.
I'm sure somebody will give you a couple of answers, YMMV of course :-)

De-tainting breaks a lot of things and probably merits a step point
release in exim, e.g. going to 4.1.0 rather than incrementing on the
current trunk.

Regards,




D
+----------------------------------------------------------------------------+
| Dave Restall, Computer Anorak, Geek, Cyclist, Radio Amateur G4FCU, Bodger |
| Mob +44 (0) 7973 831245 Skype: dave.restall Radio: G4FCU |
| email : dave@restall.net - Anti-SocialMediaist - Web : Not Ready Yet :-( |
+- QOTD ---------------------------------------------------------------------+
| Experience is that marvelous thing that enables you recognize a mistake |
| when you make it again. |
| -- Franklin P. Jones |
+----------------------------------------------------------------------------+



--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
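
One way to de-taint the file name discussed in the message above, shown as an added example that is not part of the original post or the poster's configuration. The router and transport names come from the quoted log line (R=localuser, T=local_delivery); the remaining options are assumed to follow the stock layout.

```exim
# Added example. Names localuser / local_delivery are taken from the log
# line in the thread; everything else is an assumed stock-style layout.

begin routers

localuser:
  driver = accept
  # check_local_user looks the local part up in the password database.
  # On success Exim sets $local_part_data to the name as found there;
  # that value is untainted because it did not come from the message.
  check_local_user
  transport = local_delivery
  cannot_route_message = Unknown user

begin transports

local_delivery:
  driver = appendfile
  # Before (refused by 4.94): $local_part is copied from the recipient
  # address, so it is tainted and may not be used to build a file name.
  #   file = /var/mail/$local_part
  # After: build the path from the result of the router's lookup.
  file = /var/mail/$local_part_data
  delivery_date_add
  envelope_to_add
  return_path_add
```

Running `exim -bt` against a local address confirms it is still routed through localuser to local_delivery after the change; the taint check itself only fires at delivery time, so a test delivery and a look at the main log complete the check.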