redirect router: taint-enforce filenames

author: Jeremy Harris <jgh146exb@wizmail.org> 2020-01-11 21:49:10 +0000
committer: Jeremy Harris <jgh146exb@wizmail.org> 2020-01-11 21:49:10 +0000
commit: 7d99cba1d36af854760c35100b29f0331f619fca (patch)
tree: 2db4daa38dd356d5ffdd3d704ee752848b4c1208 /doc/doc-docbook/spec.xfpt
parent: 9214d2e4dfd9d4f29e9cb7a0eea8a0758ed1b34a (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 0e44b119b..1d6fa536b 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -20579,6 +20579,10 @@ yield empty addresses, for example, items containing only RFC 2822 address
 comments.
 
 .new
+.cindex "tainted data" "in filenames"
+.cindex redirect "tainted data"
+Tainted data may not be used for a filename.
+
 &*Warning*&: It is unwise to use &$local_part$& or &$domain$&
 directly for redirection,
 as they are provided by a potential attacker.
@@ -20812,6 +20816,11 @@ It must be given as
 .code
 list1:   :include:/opt/lists/list1
 .endd
+.new
+.cindex "tainted data" "in filenames"
+.cindex redirect "tainted data"
+Tainted data may not be used for a filename.
+.wen
 .next
 .cindex "address redirection" "to black hole"
 .cindex "delivery" "discard"
author	Jeremy Harris <jgh146exb@wizmail.org>	2020-01-11 21:49:10 +0000
committer	Jeremy Harris <jgh146exb@wizmail.org>	2020-01-11 21:49:10 +0000
commit	7d99cba1d36af854760c35100b29f0331f619fca (patch)
tree	2db4daa38dd356d5ffdd3d704ee752848b4c1208 /doc/doc-docbook/spec.xfpt
parent	9214d2e4dfd9d4f29e9cb7a0eea8a0758ed1b34a (diff)