Yes, because you could escape out of the argument. For example, if the local part contains "something && echo /etc/passwd", then what's executed is:

|/home/exim/scripts/my_script something && echo /etc/passwd

Fetching the argument via an environment variable is safe (as long as you don't use it in the script for something dangerous, but that's not Exim's fault), since then you cannot use the variable to escape out of the shell.

-----Original Message-----
From: Richard Gilbert via Exim-users <[email protected]>
Sent: 1 June 2021 12:53
To: Exim users list <[email protected]>
Subject: [exim] Should the taint checks apply to arguments?

I understand why it is dangerous to use tainted data in constructing filenames so I can no longer run a command containing the local_part, e.g.

data = |/home/exim/scripts/$local_part

I see that it is also an error to use, e.g.

data = |/home/exim/scripts/my_script $local_part

In this case the script is fixed and the tainted data is being used as an argument. Is that still dangerous? The script can pick up the local_part from the LOCAL_PART environment variable.

Richard

--
Richard Gilbert
IT Services
University of Sheffield, Sheffield, S10 2FN, UK
Phone: +44 114 222 3028

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
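
Added example (not part of the original messages and not Exim code): the two approaches discussed in this thread, for the case where the command string is handed to a shell for parsing. The stand-in script, the function names and the sample local part are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample local part, modelled on the one quoted in the reply.
LOCAL_PART_SAMPLE='something && echo INJECTED'

# Hypothetical stand-in for /home/exim/scripts/my_script: it reports its
# first argument and the LOCAL_PART environment variable.
make_script() {
    script=$(mktemp) || return 1
    cat > "$script" <<'EOF'
printf 'arg1=[%s] env=[%s]\n' "$1" "$LOCAL_PART"
EOF
    printf '%s\n' "$script"
}

# Unsafe pattern: the untrusted value is spliced into the command string,
# so the shell parses "&&" in the value as its own syntax.
#   $1 = fixed command, $2 = untrusted value
run_spliced() {
    sh -c "$1 $2"
}

# Safe pattern: the command string is fixed; the untrusted value travels
# only in the environment and is never parsed as shell syntax.
run_env() {
    LOCAL_PART="$2" sh -c "$1"
}

demo() {
    s=$(make_script) || return 1
    echo "--- value spliced into the command string:"
    run_spliced "sh $s" "$LOCAL_PART_SAMPLE"
    echo "--- value passed in LOCAL_PART:"
    run_env "sh $s" "$LOCAL_PART_SAMPLE"
    rm -f "$s"
}

demo
```

In the first run the shell executes a second command taken from the value; in the second the whole value arrives intact as data, and the script must still quote it ("$LOCAL_PART") wherever it uses it.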
