On 11/10/20 11:36 PM, Heiko Schlittermann via Exim-users wrote:
Hi,
I welcome the suggestions, especially the idea about gradually enabling
taintchecks, to allow a smooth transition, as suggested by Mike Tubby.
taint_mode = yes | no | warn
Another idea from my side (it's similar to Sebastian N's idea)
begin transports
smtp:
driver = smtp
dkim_domain = $sender_address_domain
dkim_selector = 2020-08-25
dkim_private_key = /etc/exim/dkim/$dkim_selector.$dkim_domain.pem
We could provide taint checks for different situations, as the risk of
using tainted data depends on the usage of the data (filename, log
message, lookup key, …)
Provide a new set of functions:
${XXX{<string1>}{<string2>}{<string3>}}
${XXX{<string1>}{<string2>}fail}
${XXX{<string1>}{<string2>}}
With XXX as
- file (no "/")
- path (no "..")
- line (no "\r", "\n")
...
dkim_private_key =
/etc/exim/dkim/${file{$dkim_selector.$dkim_domain.pem}}
or
dkim_private_key =
${path{/etc/exim/dkim/$dkim_selector.$dkim_domain.pem}}
This can give us flexibility where the current lookup based way of
untainting doesn't work.
I like the functions idea the best, as tainting is _already_ here, but
really either way could do.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
