I have a suggestion, and that is to allow detainting of data via a new string
expansion called detaint.

${detaint{<string>}{<charlist>}}

The idea is that you supply the string you want detainted, and a "permitted
character list", where all characters not on that list will be deleted.

However, <charlist> must be untainted. It would be even better to completely
disable string expansion for <charlist>.

Example:

if $domain contains "sebbe.eu/../../../../etc/passwd"

then

${detaint{$domain}{abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-.}}

will return:

sebbe.eu........etcpasswd

in detainted form - which will be safe to use as a filename.

OF COURSE it's the system administrator's responsibility to supply a
character list that is "safe" for the use case of said tainted data.

Because of the new stricter taint rules, system administrators shouldn't need
to specify complete domain whitelists; it's better to allow for "any domain"
as long as this "any domain" is scrubbed of any unsafe data.
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
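
The filtering that the proposed expansion describes, as an added C sketch that is not part of the original post and is not Exim code. The names detaint_filter and usable_as_filename are hypothetical, the second check is an assumption of this example rather than part of the proposal, and every sample input other than the post's own is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Character list from the post's example. */
#define ALLOWED "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-."

/* Hypothetical model of the proposed ${detaint{<string>}{<charlist>}}:
   keep only the bytes of `in` that appear in `allowed`.
   Returns the result length, or -1 if `out` is too small. */
static int detaint_filter(const char *in, const char *allowed,
                          char *out, size_t outsz)
{
    size_t n = 0;
    if (outsz == 0)
        return -1;
    for (; *in != '\0'; in++) {
        if (strchr(allowed, *in) == NULL)
            continue;                 /* not on the list: deleted */
        if (n + 1 >= outsz)
            return -1;                /* refuse to truncate silently */
        out[n++] = *in;
    }
    out[n] = '\0';
    return (int)n;
}

/* Assumed extra check (not in the proposal) before using the result as a
   single path component: a list that permits '.' and '-' still lets "",
   "." and ".." through, and names that start with '-' or '.'. */
static int usable_as_filename(const char *s)
{
    if (s[0] == '\0' || s[0] == '.' || s[0] == '-')
        return 0;
    return strchr(s, '/') == NULL;
}

int main(void)
{
    /* First sample is the post's; the others are constructed. */
    const char *samples[] = { "sebbe.eu/../../../../etc/passwd", "../", "/-x" };
    char buf[128];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (detaint_filter(samples[i], ALLOWED, buf, sizeof buf) < 0)
            continue;
        printf("%-33s -> %-27s usable=%d\n", samples[i], buf,
               usable_as_filename(buf));
    }
    return 0;
}
```

The post's input passes both steps, while the constructed inputs show results that contain only permitted characters yet fail the added filename check.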
