Hi!
I'm using UUCP (over ssh) and updating exim to 4.96 caused some fun with
tainted variables. The uucp transport config includes
command = uux - -r $host!rmail ($local_part@$domain)
to send emails to a UUCP smarthost. As $local_part and $domain are now
tainted for pipe tranports I get errors like:
user@domain.tld R=uucp_smarthost T=uucp_pipe: Tainted arg 4 for uucp_pipe
transport command: 'user@domain.tld'
IIRC, the 'recommended' way to solve issues with tainted variables is to
perform a database lookup. In this case (routing via a UUCP smarthost) I
can't create a database with all possible recipients for obvious reasons.
Luckily I found a post
(https://jimbobmcgee.wordpress.com/2020/07/29/de-tainting-exim-configuration-variables/)
which shows a hack to deal with this situation. However, I would prefer a
recommended solution (if available) or suggest to add an option to allow
tainted variables in a specific transport configuration.
ciao
Markus
--
/ Markus Reschke \
\ madires@theca-tabellaria.de /
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
I'm using UUCP (over ssh) and updating exim to 4.96 caused some fun with
tainted variables. The uucp transport config includes
command = uux - -r $host!rmail ($local_part@$domain)
to send emails to a UUCP smarthost. As $local_part and $domain are now
tainted for pipe tranports I get errors like:
user@domain.tld R=uucp_smarthost T=uucp_pipe: Tainted arg 4 for uucp_pipe
transport command: 'user@domain.tld'
IIRC, the 'recommended' way to solve issues with tainted variables is to
perform a database lookup. In this case (routing via a UUCP smarthost) I
can't create a database with all possible recipients for obvious reasons.
Luckily I found a post
(https://jimbobmcgee.wordpress.com/2020/07/29/de-tainting-exim-configuration-variables/)
which shows a hack to deal with this situation. However, I would prefer a
recommended solution (if available) or suggest to add an option to allow
tainted variables in a specific transport configuration.
ciao
Markus
--
/ Markus Reschke \
\ madires@theca-tabellaria.de /
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/