Re: [exim] Sieve filters broken due to tainted expansions?
On 09/01/2020 19:52, Michael Haardt via Exim-users wrote: >> ChangeLog, 4.93 :- >> >> JH/32 >> Introduce a general tainting mechanism for values read from the input >>channel, and values derived from them. Refuse to expand any tainted >> values, to catch one form of exploit. > > Ok, so the problem was not in Sieve operation itself, but in the fact that > a Sieve script was read (expanded) from a path that contained $local_part? > If so, why was the script executed? That's a stage of enforcement yet to be implemented. Perhaps next release. Currently, only explicit expansions have the enforcmeent but it needs extending to implicit ones also. > What's the suggested way to do that for virtual domains, that is many > mailboxes that all belong to the same local user, and which are not > obtained through a lookup, but through the filesystem itself? The result of a lookup is untainted, and will likely remain so (even if the key for the lookup is tainted, eg. $local_part). So whatever you're doing now should still work, so long as you don't name the DB for the lookup using tainted data. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Sieve filters broken due to tainted expansions?
> ChangeLog, 4.93 :- > > JH/32 > Introduce a general tainting mechanism for values read from the input >channel, and values derived from them. Refuse to expand any tainted > values, to catch one form of exploit. Ok, so the problem was not in Sieve operation itself, but in the fact that a Sieve script was read (expanded) from a path that contained $local_part? If so, why was the script executed? What's the suggested way to do that for virtual domains, that is many mailboxes that all belong to the same local user, and which are not obtained through a lookup, but through the filesystem itself? Michael -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Sieve filters broken due to tainted expansions?
On 07/01/2020 20:20, Michael Haardt via Exim-users wrote: > I did > not really follow the list recently, so I missed the introduction of > "tainted" expansions, To follow up on that point: ChangeLog, 4.93 :- JH/32 Introduce a general tainting mechanism for values read from the input channel, and values derived from them. Refuse to expand any tainted values, to catch one form of exploit. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [Exim-users-de] Exim und Dovevot - Auth für SMTP-User
Hallo Heiko, Am 09.01.2020 um 11:21 schrieb Heiko Schlichting: > Das ist ein Fehler auf einer ganz anderen Ebene und kann z.B. in einer > entsprechenden ACL für einen connect von diesem Host mit > >control = no_enforce_sync > > entsprechend umgangen werden. Grundsätzlich könnte man die Prüfung auch > global mit Da in der letzten Woche meine IP-Adresse gewechselt hat, vermute ich daß auch der Hostname der t-online-Einwahlen nicht stabil ist. Vermutlich ist die IPV6-Adresse stabil. Aber für jeden einzelnen, der sich einwählt, einen Eintrag machen... Das Merkwürdige ist, daß es bei der Uni Münster mit dem gleichen Client funktioniert. Aber die benutzen vermutlich keinen Exim. Vielleicht hat ja noch jemand anderes eine Idee, wie man mit den sendenden Client umgehen kann? Gruß Jutta (Wrage) -- http://www.witch.westfalen.de ___ Exim-users-de mailing list Exim-users-de@exim.org https://lists.exim.org/mailman/listinfo/exim-users-de
