Mailing List Archive

Upon applying 4.96-1 on test, "Tainted arg 2" appears
Hi, folks,

I applied 4.96-1 to our test systems and routing to the LISTSERVer
began to fail with "*Tainted arg 2* for listserv_transport transport
command:<name of LISTSERV>"

The transport is quite simple:

# Hand off to LISTSERV lsv_admin script
listserv_transport:
  driver = pipe
  command = "/opt/lsoft/listserv/bin/lsv_amin /opt/lsoft/listserv/spool $local_part"
  return_output

What changed? And how do I fix it?

Thanks,

John A
--
John Adams
Senior Linux/Middleware Administrator | Information Technology Services
+1-501-916-3010 | jxadams@ualr.edu | http://ualr.edu/itservices
*UA Little Rock*

Reminder: IT Services will never ask for your password over the phone or
in an email. Always be suspicious of requests for personal information that
come via email, even from known contacts. For more information or to
report suspicious email, visit IT Security
<http://ualr.edu/itservices/security/>.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Upon applying 4.96-1 on test, "Tainted arg 2" appears
Hi!

> I applied 4.96-1 to our test systems and routing to the LISTSERVer
> began to fail with "*Tainted arg 2* for listserv_transport transport
> command:<name of LISTSERV>"
>
> The transport is quite simple:
>
> # Hand off to LISTSERV lsv_admin script
> listserv_transport:
>   driver = pipe
>   command = "/opt/lsoft/listserv/bin/lsv_amin /opt/lsoft/listserv/spool $local_part"
>   return_output
>
> What changed? And how do I fix it?

Exim is now checking data from external sources much more rigorously
and no longer trusts it. For the concept behind this:

http://www.exim.org/exim-html-current/doc/html/spec_html/ch-concept_index.html

Search in that index for the keyword 'de-tainting'.

In your case: "$local_part" is tainted, and has to be changed
so that it can be considered trustworthy.

--
pi@opsec.eu +49 171 3101372 Now what ?
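
An added example, not part of the original thread and not the poster's actual configuration: one way to de-taint the list name is to match it against a file of known list names in the router and hand the looked-up value, $local_part_data, to the pipe transport instead of $local_part. The router name, the file path /etc/exim/listserv_lists and the list names in it are assumptions.

```exim
# Constructed lookup file /etc/exim/listserv_lists (hypothetical path),
# one "key: value" pair per line, maintained by the administrator:
#   announce-l: announce-l
#   staff-l:    staff-l

# Router (hypothetical name): handles only local parts that appear as a key
# in the file. On a match, the value read from the file is placed in
# $local_part_data. It comes from a trusted local file, not from the
# message, so it is not tainted.
listserv_router:
  driver = accept
  local_parts = lsearch;/etc/exim/listserv_lists
  transport = listserv_transport

# Transport from the thread, with the tainted $local_part replaced by the
# de-tainted lookup result.
listserv_transport:
  driver = pipe
  command = "/opt/lsoft/listserv/bin/lsv_amin /opt/lsoft/listserv/spool $local_part_data"
  return_output
```

Addresses whose local part is not listed in the file are not accepted by this router, so only names the administrator has listed can ever reach the command line.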
