Hi all;

Firstly, just to note that I understand the purpose of tainting data, and appreciate any improvements to security within Exim.

That said, I was already aware of the potential for bad variable data being exposed to the server, and was removing non-alphanumeric characters from $local_part (or, at least, attempting to) with the expansion ${sg{$local_part}{\N[^A-Za-z0-9_.-]\N}{_}}. However, this still appears to fail in my transports.

Is ${sg} not a suitable expansion to de-taint $local_part or $domain? If not, that massively screws with the long-term archival that I am required to do with my Exim mail server (which I appreciate may not have the same use-case as a normal mail server).

Regex replacement as a de-taint operation is the typical approach in Perl (where they also apply a tainting principle), so I would have reasonably expected it to be the same here. If not, I am desperately in need of an alternative for the following two transports, where I need to be able to store *any* received mail (not handled by earlier routers/transports) in a browsable directory structure, and so don't have valid lookups that I can do:

-----------------
BADFILECHARS = \N[^A-Za-z0-9_.-]\N

local_unhandled:
  driver = appendfile
  create_directory = yes
  directory = /var/spool/exim/unhandled/\
              ${sg{$domain}{BADFILECHARS}{_}}/\
              ${sg{$local_part}{BADFILECHARS}{_}}/\
              $tod_logfile
  user = exim
  group = mail
  mode = 0660
### end local_unhandled

local_delivery:
  driver = appendfile
  file = ${if or{{bool{$acl_m_localdiscard}} \
                 {bool{${lookup{$local_part} \
                               lsearch{/etc/passwd} \
                               {no} \
                               {yes}}}}} \
              {/dev/null} \
              {/var/spool/mail/${sg{$local_part}{BADFILECHARS}{_}}}}
  user = ${if or{{bool{$acl_m_localdiscard}} \
                 {eqi {$local_part}{root}} \
                 {bool{${lookup{$local_part} \
                               lsearch{/etc/passwd} \
                               {no} \
                               {yes}}}}} \
              {mail} \
              {$local_part}}
  group = mail
  mode = 0620
  delivery_date_add
  envelope_to_add
  return_path_add
  notify_comsat
### end local_delivery
-----------------

I've been avoiding check_local_user (since it tries to chdir into home directories that the exim user has no access to), so I don't think I have access to $local_part_data (as nothing populates it).

I would dearly love to avoid downgrading to 4.93, off the back of this change.

Regards.

J.

-----------------
~# exim -bV
Exim version 4.94 #2 built 01-Jun-2020 19:51:21
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018
Berkeley DB: Berkeley DB 5.3.21: (May 11, 2012)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc OpenSSL Content_Scanning DANE DKIM DNSSEC Event OCSP PIPE_CONNECT PRDR PROXY SOCKS SPF DMARC TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm nis nis0 nisplus passwd sqlite
Authenticators: cram_md5 cyrus_sasl dovecot gsasl plaintext spa tls
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Configuration file is /etc/exim/exim.conf

~# yum list installed | grep exim
exim.x86_64    4.94-1.el7    @epel

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
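
The taint policies contrasted in this message, as an added Python model (not part of the original post and not Exim's code). It assumes that Exim 4.94 keeps the result of any expansion of tainted input tainted and treats a value returned by a lookup against administrator-controlled data as untainted; `Str`, `capture_untaint`, `lookup`, `open_path` and the sample address are constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Str:
    """A string carrying a taint flag (hypothetical model type)."""
    text: str
    tainted: bool

BADFILECHARS = r"[^A-Za-z0-9_.-]"  # same character class as the post's macro

def sg(subject: Str, pattern: str, repl: str) -> Str:
    # Propagating policy (assumed Exim 4.94 behaviour): output derived from
    # tainted input stays tainted, however restrictive the regex is.
    return Str(re.sub(pattern, repl, subject.text), subject.tainted)

def capture_untaint(subject: Str, pattern: str) -> Str:
    # Perl-style policy: text extracted through a capture group is trusted.
    m = re.fullmatch(pattern, subject.text)
    if m is None:
        raise ValueError("input does not match the allow-list pattern")
    return Str(m.group(1), False)

def lookup(key: Str, table: dict):
    # Lookup policy: the returned value is read from admin-controlled data,
    # so it is untainted even though the key that selected it was tainted.
    value = table.get(key.text)
    return None if value is None else Str(value, False)

def open_path(base: str, component: Str) -> str:
    # Sink: a file/directory option that refuses tainted path components.
    if component.tainted:
        raise PermissionError(f"tainted filename component: {component.text!r}")
    return f"{base}/{component.text}"

def try_open(base: str, component: Str):
    try:
        return open_path(base, component)
    except PermissionError:
        return None

if __name__ == "__main__":
    local_part = Str("j.doe+archive", True)      # constructed sample input
    cleaned = sg(local_part, BADFILECHARS, "_")
    print(cleaned, try_open("/var/spool/exim/unhandled", cleaned))
    known = lookup(Str("j.doe", True), {"j.doe": "j.doe"})
    print(known, try_open("/var/spool/mail", known))
```
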