[exim] Run expansion with a tainted variable

Dominic Preston via Exim-users Sat, 18 May 2024 09:30:07 -0700

Hello,

I have a run expansion using a tainted variable:


condition = ${run{/usr/bin/spfquery.mail-spf-perl \
               --ip $sender_host_address \
               --scope mfrom \
               --identity $sender_address} \
               {no}{${if eq {$runrc}{1}{yes}{no}}}}

Is this usage of $sender_address safe? And if not, what would I do to
make it safe?

Thanks,
Dominic.

-- 
## subscription configuration (requires account):
##   https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
##   exim-users-unsubscr...@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

[exim] Run expansion with a tainted variable

Reply via email to