From 0d2e392e281e96d9f9f2f3dd438affe3f2563c57 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sat, 11 Jan 2020 21:46:43 +0000 Subject: appendfile: taint-enforce file & directory options testsuite: bless facility --- doc/doc-docbook/spec.xfpt | 8 ++++++++ doc/doc-txt/ChangeLog | 3 +++ 2 files changed, 11 insertions(+) (limited to 'doc') diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 254ed69cc..bb2ce122c 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -22371,6 +22371,14 @@ If &%file%& or &%directory%& is set for a delivery from a redirection, it is used to determine the file or directory name for the delivery. Normally, the contents of &$address_file$& are used in some way in the string expansion. .endlist +.new +.cindex "tainted data" "in filenames" +.cindex appendfile "tainted data" +Tainted data may not be used for a file or directory name. +This means that, for instance, &$local_part$& cannot be used directly +as a component of a path. It can however be used as the key for a lookup +which returns a path (or component). +.wen .cindex "Sieve filter" "configuring &(appendfile)&" diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 2b5b592c5..27292954a 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -87,6 +87,9 @@ JH/19 Bug 2507: Modules: on handling a dynamic-module (lookups) open failure, were used, and the second one (for mainlog/paniclog) retrieved null information. +JH/20 Taint checking: disallow use of tainted data for the appendfile transport + file and directory options. Previously this was permitted. + Exim version 4.93 ----------------- -- cgit v1.2.3