path: root/doc/doc-docbook/spec.xfpt
author Jeremy Harris <jgh146exb@wizmail.org> 2022-03-27 20:41:05 +0100
committer Jeremy Harris <jgh146exb@wizmail.org> 2022-03-27 21:00:33 +0100
commit cfe6acff2ddc7eb03b3489770219edf829abd323 (patch)
tree f3c643b463a9a9226e46739c080411613f828c38 /doc/doc-docbook/spec.xfpt
parent 5800e3234f2594639d82e5063d9c522c6a881d25 (diff)
Taintcheck transport-process arguments
Diffstat (limited to 'doc/doc-docbook/spec.xfpt')
-rw-r--r-- doc/doc-docbook/spec.xfpt 21
1 files changed, 18 insertions, 3 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 105e2fc5d..6c885176f 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -10663,16 +10663,28 @@ expansion items.
This item inserts &"raw"& header lines. It is described with the &%header%&
expansion item in section &<<SECTexpansionitems>>& above.
-.vitem "&*${run{*&<&'command'&>&*&~*&<&'args'&>&*}{*&<&'string1'&>&*}&&&
+.vitem "&*${run <&'options'&> {*&<&'command&~arg&~list'&>&*}{*&<&'string1'&>&*}&&&
{*&<&'string2'&>&*}}*&"
.cindex "expansion" "running a command"
.cindex "&%run%& expansion item"
-The command and its arguments are first expanded as one string. The string is
-split apart into individual arguments by spaces, and then the command is run
+This item runs an external command, as a subprocess.
+.new
+One option is supported after the word &'run'&, comma-separated.
+
+If the option &'preexpand'& is not used,
+the command string is split into individual arguments by spaces
+and then each argument is expanded.
+Then the command is run
in a separate process, but under the same uid and gid. As in other command
executions from Exim, a shell is not used by default. If the command requires
a shell, you must explicitly code it.
+The command name may not be tainted, but the remaining arguments can be.
+If the option &'preexpand'& is used,
+.wen
+the command and its arguments are first expanded as one string. The result is
+split apart into individual arguments by spaces, and then the command is run
+as above.
Since the arguments are split by spaces, when there is a variable expansion
which has an empty result, it will cause the situation that the argument will
simply be omitted when the program is actually executed by Exim. If the
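Review bot: the new .vitem heading and the sentence under .new disagree on the option syntax. The heading shows `${run <options> {` with a space before the options, while the text says "One option is supported after the word run, comma-separated", which suggests a comma and leaves unclear what is being separated when only one option exists. Suggest making the heading match the form a user actually types and naming the option directly in the sentence (the only one mentioned is preexpand). Also, the unchanged paragraph beginning "Since the arguments are split by spaces" now follows "as above" without saying whether the dropped-empty-argument behaviour applies in both modes or only with preexpand; since the two modes split and expand in opposite order, the doc should say which.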
@@ -10683,6 +10695,9 @@ in a string containing quotes, because it would interfere with the quotes
around the command arguments. A possible guard against this is to wrap the
variable in the &%sg%& operator to change any quote marks to some other
character.
+.new
+Neither the command nor any argument may be tainted.
+.wen
The standard input for the command exists, but is empty. The standard output
and standard error are set to the same file descriptor.
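Review bot: the added sentence "Neither the command nor any argument may be tainted." is unconditional and contradicts the earlier hunk's "The command name may not be tainted, but the remaining arguments can be." If the stricter rule is meant only for the preexpand case, say so in the sentence itself and consider moving it up beside the preexpand description, rather than leaving it after the quote-handling paragraph where a reader will take it as applying to every use of run.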