[exim-dev] [Bug 2602] New: Tainted name '/etc/exim/vfilters/domain.com' for file read not permitted
https://bugs.exim.org/show_bug.cgi?id=2602 Bug ID: 2602 Summary: Tainted name '/etc/exim/vfilters/domain.com' for file read not permitted Product: Exim Version: 4.94 Hardware: x86 OS: Linux Status: NEW Severity: bug Priority: medium Component: Filters Assignee: unalloca...@exim.org Reporter: jhay...@liquidweb.com CC: exim-dev@exim.org Our mail server updated to exim 4.94-1 earlier in the morning today and mail delivery started to fail after the update. After the update and restart of exim we noticed the following errors in the server logs: 2020-06-18 02:38:12.217 [6341] 1jloBg-0001eG-6f == u...@domain.com R=central_filter defer (-1) DT=0.000s: Tainted name '/etc/exim/vfilters/domain.com' for file read not permitted\n I've redacted our user and domain in this error message above. We also noticed the same errors logged for a empty filter file in the same directory. Reverting back to exim 4.93-3 resolves the 'Tainted name' errors on our server. -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2602] Tainted name '/etc/exim/vfilters/domain.com' for file read not permitted
https://bugs.exim.org/show_bug.cgi?id=2602 --- Comment #2 from jhay...@liquidweb.com --- A suggestion to update the documentation around filters as in that documentation a example is provided stating that $domain can be used: https://www.exim.org/exim-html-current/doc/html/spec_html/ch-systemwide_message_filtering.html 8. Per-address filtering In contrast to the system filter, which is run just once per message for each delivery attempt, it is also possible to set up a system-wide filtering operation that runs once for each recipient address. In this case, variables such as $local_part and $domain can be used, and indeed, the choice of filter file could be made dependent on them. -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2602] Tainted name '/etc/exim/vfilters/domain.com' for file read not permitted
https://bugs.exim.org/show_bug.cgi?id=2602 jhay...@liquidweb.com changed: What|Removed |Added Component|Filters |Documentation -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2602] Tainted name '/etc/exim/vfilters/domain.com' for file read not permitted
https://bugs.exim.org/show_bug.cgi?id=2602 Jeremy Harris changed: What|Removed |Added Resolution|--- |INVALID Status|NEW |RESOLVED --- Comment #1 from Jeremy Harris --- You are very likely using a tainted value, eg $domain, in building that filename. You need to change your config to use an untainted value. Please search for de-tainting in the Concept Index of the documentation. Closing as not a bug. -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##