On Thu, 25 Jul 2019, Russell King via Exim-users wrote:
> On Thu, Jul 25, 2019 at 10:04:19AM +0100, Jeremy Harris via Exim-users wrote:
>> If the effective configuration file for exim does not use sort
>> then the system is trivially declarable as not being vulnerable.
>> Use this command to check: "exim -bP config | grep sort".
>
> The grep expression seems to be a bit over-zealous - it'll pick up
> on, e.g., "remote_sort_domains" rather than just the sort expansion
> operator. Or is "remote_sort_domains" also implicated?
> If it's just the ${sort operator you're after, I think you want the
> grep to be:
> grep '\${[[:space:]]*sort'
> ?

I read "trivially declarable as not being vulnerable" as saying that
failing the grep test was a necessary but not sufficient condition
for being exploitable, ie:
If there is no "sort" in your running config you are safe.
If "sort" *is* present, then you need to engage brain ...
Your test *may* be precise and accurate, but without further research
Jeremy may not have been able to be sure that it would work on all
platforms ...
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
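
The two checks from this thread run side by side, as an added example that is not part of any poster's message. The function names, verdict labels and sample configuration lines are constructed for illustration, and the narrow test is the ERE spelling of Russell's pattern.

```shell
#!/bin/sh
# Added example: triage a configuration dump with both greps from the thread.
# Real use (assumes exim is installed):  exim -bP config | classify_sort

# classify_sort: read configuration text on stdin, print one verdict.
#   none      - "sort" does not occur at all (the broad test is clean)
#   operator  - a ${sort expansion is present (the narrow pattern matches)
#   name-only - "sort" occurs, but only outside ${sort, e.g. in an option name
classify_sort() {
    cfg=$(cat)
    if ! printf '%s\n' "$cfg" | grep -q 'sort'; then
        echo none
    elif printf '%s\n' "$cfg" | grep -Eq '\$\{[[:space:]]*sort'; then
        echo operator
    else
        echo name-only
    fi
}

# show_hits: list every line the broad test matches, numbered, for manual review.
show_hits() {
    grep -n 'sort' || true
}

# Constructed sample configurations (not taken from any real system).
SAMPLE_CLEAN='primary_hostname = mail.example.org
domainlist local_domains = @'

SAMPLE_OPTION='primary_hostname = mail.example.org
remote_sort_domains = *.example.org'

SAMPLE_OPERATOR='primary_hostname = mail.example.org
data = ${sort{3:2:1:4}{<}{$item}}
remote_sort_domains = *.example.org'

for name in CLEAN OPTION OPERATOR; do
    eval "cfg=\$SAMPLE_$name"
    printf '%s: %s\n' "$name" "$(printf '%s\n' "$cfg" | classify_sort)"
    printf '%s\n' "$cfg" | show_hits | sed 's/^/    /'
done
```

Only the "none" verdict corresponds to the "trivially not vulnerable" case in the thread; "operator" and "name-only" both mean the matched lines still have to be read by a person.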