Bug #77 Changes to Exim Tainting breaks documented settings
Submitted: 2022-09-09 19:15 UTC Modified: -
From: wesley dot jones at uni dot edu Assigned:
Status: Open
Mlmmj Version: 1.3.0.0 OS: CentOS 7.9.2009
MTA: Exim MTA Version: 4.96
 [2022-09-09 19:15 UTC] wesley dot jones at uni dot edu
Description:
------------
The documented transport expansion logic no longer functions due to the Exim 
4.96 release (occurring on 28 August 2022 on CentOS 7). We are seeing the 
following log in Exim:

```
/var/log/exim/main.log:2022-09-08 15:24:33 1oWO4f-00016p-2j ** test-mailing@lists.domain.edu R=mlmmj_router T=mlmmj_transport: Tainted arg 3 for mlmmj_transport transport command: '/var/spool/mlmmj/lists/test-mailing'
```


*The documented transport rule:*

```
mlmmj_transport:
  ...
  command = /usr/local/bin/mlmmj-receive -F -L MLMMJ_HOME/${lc:$local_part}
```

*Updated methods that don't rely on typically tainted data:*

```
mlmmj_transport:
  command = /usr/bin/mlmmj-receive -F -L ${lookup{${lc:$local_part}}dsearch{MLMMJ_HOME}}
```

This method was devised after referring to this Exim article, noting $local_part 
as typically tainted: 
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-string_expansions.html. 

We referred to the information in the header text indicating that a common method of “de-tainting” is to 
use lookup methods. Here are the details about that: 
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-file_and_database_lookups.html
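
An added example, not part of the report and not Exim or mlmmj code: a small Python model of the tainting behaviour described above, showing why the documented command is refused at arg 3 and why a value obtained through a dsearch-style lookup is accepted. The `Tainted` class and all helper names are hypothetical, the sample input is constructed, and the model simplifies Exim's real checks.

```python
import os
import tempfile

class Tainted(str):
    """Marks a string that came from the message (e.g. $local_part)."""

def lc(s):
    # Like ${lc:...}: transforming tainted data yields tainted data.
    return Tainted(s.lower()) if isinstance(s, Tainted) else s.lower()

def join(*parts):
    # A concatenation is tainted if any of its pieces is tainted.
    out = "".join(parts)
    return Tainted(out) if any(isinstance(p, Tainted) for p in parts) else out

def dsearch(key, directory):
    # Model of a dsearch-style lookup: the value handed back is the entry
    # name read from the filesystem, not the caller's key, so it is untainted.
    if "/" in key:
        return None                      # a key may not name another directory
    for name in os.listdir(directory):
        if name == key:
            return name                  # plain str supplied by the filesystem
    return None

def build_command(args):
    # Model of the transport check: refuse any tainted argument.
    for i, arg in enumerate(args):
        if isinstance(arg, Tainted):
            raise ValueError(f"Tainted arg {i} for transport command: '{arg}'")
    return list(args)

def demo():
    home = tempfile.mkdtemp()            # stands in for MLMMJ_HOME (assumption)
    os.mkdir(os.path.join(home, "test-mailing"))
    local_part = Tainted("Test-Mailing")  # constructed sample recipient
    results = {}
    try:  # documented rule: literal prefix + lowercased local part
        build_command(["mlmmj-receive", "-F", "-L", join(home, "/", lc(local_part))])
    except ValueError as err:
        results["documented"] = str(err)
    name = dsearch(lc(local_part), home)  # de-taint through the lookup
    results["lookup"] = build_command(["mlmmj-receive", "-F", "-L", join(home, "/", name)])
    results["traversal"] = dsearch(lc(Tainted("../../etc")), home)
    return home, results
```
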