On 22/12/2021 16:59, Michael Haardt via Exim-users wrote:
> Would it be feasible to replace the tainted bool with a bitfield,
> and have e.g. a file lookup only clear the bit for file operations and
> quote_ldap only clear the bit for ldap?

It wouldn't mesh well with the current implementation, nor would
it solve the specific case presented.

> Would it be possible to expand all strings when reading the configuration
> without causing side effects to check any attempt of using tainted data
> at start up?

No.  Variables are used for data which varies on a finer grain
than "exim starting up".  For the specific case, $domain varies
with individual recipient (even within a given message).

> How about introducing a new object (like ACL, router etc) that gets
> tainted data and either produces untainted data or a data validation
> failure? It would avoid the *_data side effect currently spread all
> over the configuration and concentrate all checks in one place.

This would involve major redesign, implementation and test effort.
We are lacking volunteers for that.



> most people would never think of [...] using quote_ldap.

It is documented that you should.  How much further can we go?
--
Cheers,
  Jeremy
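
The per-sink bitfield idea from the first quoted question, sketched as an added example; it is not Exim code and does not come from either poster. The `tstring` type, the `TAINT_*` bits and every function body are hypothetical, and the LDAP quoting is simplified to four characters.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical per-sink taint bits: a set bit means "not yet cleared for that sink". */
enum { TAINT_FILE = 1, TAINT_LDAP = 2 };
typedef struct { char text[128]; unsigned taint; } tstring;   /* hypothetical type */

/* Data received from the network starts out unsafe for every sink. */
static tstring from_network(const char *s) {
    tstring t = { "", TAINT_FILE | TAINT_LDAP };
    snprintf(t.text, sizeof t.text, "%s", s);
    return t;
}

/* Stand-in for a lookup in a trusted list (constructed entries); a match clears only the file bit. */
static int file_lookup(const tstring *key, tstring *out) {
    static const char *known[] = { "example.com", "example.org" };
    for (size_t i = 0; i < sizeof known / sizeof known[0]; i++)
        if (strcmp(key->text, known[i]) == 0) {
            snprintf(out->text, sizeof out->text, "%s", known[i]);  /* the list's own copy */
            out->taint = key->taint & ~(unsigned)TAINT_FILE;
            return 1;
        }
    return 0;
}

/* Simplified LDAP filter quoting (hex-escapes * ( ) \); clears only the LDAP bit. */
static tstring quote_ldap(const tstring *in) {
    tstring out = { "", in->taint & ~(unsigned)TAINT_LDAP };
    size_t n = 0;
    for (const char *p = in->text; *p && n + 4 < sizeof out.text; p++)
        if (strchr("*()\\", *p))
            n += (size_t)snprintf(out.text + n, sizeof out.text - n, "\\%02x", (unsigned char)*p);
        else
            out.text[n++] = *p;
    out.text[n] = '\0';
    return out;
}

/* A sink accepts a string only if the bit for that sink has been cleared. */
static int sink_allows(const tstring *s, unsigned sink_bit) { return (s->taint & sink_bit) == 0; }

int main(void) {
    tstring dom = from_network("example.com"), hit = dom, q = quote_ldap(&dom);
    file_lookup(&dom, &hit);
    printf("lookup result:     file=%d ldap=%d\n", sink_allows(&hit, TAINT_FILE), sink_allows(&hit, TAINT_LDAP));
    printf("quote_ldap result: file=%d ldap=%d\n", sink_allows(&q, TAINT_FILE), sink_allows(&q, TAINT_LDAP));
    return 0;
}
```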
