Re: [exim] "allow_insecure_tainted_data = yes" - was: tainted data issues

2021-05-08 Thread Heiko Schlittermann via Exim-users
Chris Edwards via Exim-users (Sat 08 May 2021 13:15:45 CEST):
> On Tue, 6 Apr 2021, Heiko Schlittermann via Exim-users wrote:
> 
> > Currently I'm running this on a production systems without any issues so
> > far. You're invited to do tests in your systems too.
> 
> Trying this version, with allow_insecure_tainted_data set, then this:
> 
>   testlist:
>     driver = redirect
>     data = :include:/some/where/${local_part}
> 
> fails with error:
> 
>  LOG: MAIN PANIC DIE
>   Taint mismatch, Ustrncpy: parse_forward_list 1393
> 
> It looks like the :include: might be the issue.
> 
> Not a problem here as I've now detainted this, but thought to report back.

Thanks, I'll try to reproduce it, and fix it.

-- 
Heiko


signature.asc
Description: PGP signature
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


Re: [exim] "allow_insecure_tainted_data = yes" - was: tainted data issues

2021-05-08 Thread Chris Edwards via Exim-users

On Tue, 6 Apr 2021, Heiko Schlittermann via Exim-users wrote:


> "ALLOW_INSECURE_TAINTED_DATA", currently enabled. Using this build time
> option provides a new runtime option "allow_insecure_tainted_data", which
> turns taint errors into warnings (and spams your log file).
>
> [...]
>
> Currently I'm running this on a production systems without any issues so
> far. You're invited to do tests in your systems too.


Trying this version, with allow_insecure_tainted_data set, then this:

  testlist:
    driver = redirect
    data = :include:/some/where/${local_part}

fails with error:

 LOG: MAIN PANIC DIE
  Taint mismatch, Ustrncpy: parse_forward_list 1393

It looks like the :include: might be the issue.

Not a problem here as I've now detainted this, but thought to report back.

Cheers

Chris



Re: [exim] "allow_insecure_tainted_data = yes" - was: tainted data issues

2021-04-25 Thread Heiko Schlittermann via Exim-users
Thank you for spending your time :)

Andreas Metzler via Exim-users (Sun 25 Apr 2021 08:12:58 CEST):
>  void
> -openlogs();
> +open_logs(const char *m);
> is the proper fix?

It is one possible fix. But the char* isn't used anymore (was there for
debugging). I updated the branch.

> log.c: In function 'set_file_path':
> log.c:654:45: warning: pointer type mismatch in conditional expression
>   654 | uschar *ss = *log_file_path ? log_file_path : LOG_FILE_PATH;

Same here. Fixed.

> In file included from exim.h:486,
>  from log.c:13:
> log.c:657:31: warning: passing argument 1 of 'string_nextinlist_trc' from 
> incompatible pointer type [-Wincompatible-pointer-types]
>   657 | while ((s = string_nextinlist(, , log_buffer, 
> LOG_BUFFER_SIZE)))
> functions.h:560:25: note: in definition of macro 'string_nextinlist'
>   560 |  string_nextinlist_trc((lp), (sp), (b), (l), US __FUNCTION__, 
> __LINE__)

ditto.
And finally I set my compiler options to be about the same as yours.

-- 
Heiko




Re: [exim] "allow_insecure_tainted_data = yes" - was: tainted data issues

2021-04-25 Thread Andreas Metzler via Exim-users
On 2021-04-25 Andreas Metzler  wrote:
> On 2021-04-24 Heiko Schlittermann  wrote:
> > I believe, the issue is fixed now. I'd be happy, if you **or anybody
> > else** can give it a try. To avoid cluttering the official Exim repo,
> > this branch is still only in my private but public repositories:
> [...]

> Good morning Heiko,

> thank you. Will upload to Debian/experimental.
[...]

Hello,

I forgot to confirm that the updated patchset fixes the error I had
reported. ;-)

cu Andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



Re: [exim] "allow_insecure_tainted_data = yes" - was: tainted data issues

2021-04-25 Thread Andreas Metzler via Exim-users
On 2021-04-24 Heiko Schlittermann  wrote:
> I believe, the issue is fixed now. I'd be happy, if you **or anybody
> else** can give it a try. To avoid cluttering the official Exim repo,
> this branch is still only in my private but public repositories:
[...]

Good morning Heiko,

thank you. Will upload to Debian/experimental.

Compiler throws two new warnings:

appendfile.c: In function 'appendfile_transport_setup':
appendfile.c:238:1: warning: implicit declaration of function 'open_logs'; did 
you mean 'openlogs'? [-Wimplicit-function-declaration]
  238 | open_logs("appendfile");
  | ^
  | openlogs

I guess

 void
-openlogs();
+open_logs(const char *m);
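
Review bot: the `+open_logs(const char *m);` line changes only the prototype, so it silences the implicit-declaration warning at appendfile.c:238 but does not by itself make the call resolve; the function definition and any remaining `openlogs()` callers need the same name and parameter, otherwise the mismatch just moves to link time. If the string argument is only a debugging aid, calling the existing `openlogs()` without it at the call site is the smaller change.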

is the proper fix?


log.c: In function 'set_file_path':
log.c:654:45: warning: pointer type mismatch in conditional expression
  654 | uschar *ss = *log_file_path ? log_file_path : LOG_FILE_PATH;
  | ^
In file included from exim.h:486,
 from log.c:13:
log.c:657:31: warning: passing argument 1 of 'string_nextinlist_trc' from 
incompatible pointer type [-Wincompatible-pointer-types]
  657 | while ((s = string_nextinlist(, , log_buffer, LOG_BUFFER_SIZE)))
functions.h:560:25: note: in definition of macro 'string_nextinlist'
  560 |  string_nextinlist_trc((lp), (sp), (b), (l), US __FUNCTION__, __LINE__)
  | ^~
functions.h:561:53: note: expected 'const uschar **' {aka 'const unsigned char 
**'} but argument is of type 'uschar **' {aka 'unsigned char **'}
  561 | extern uschar *string_nextinlist_trc(const uschar **listptr, int 
*separator, uschar *buffer, int buflen,
  |  ~~~^~~

cu Andreas



Re: [exim] "allow_insecure_tainted_data = yes" - was: tainted data issues

2021-04-24 Thread Heiko Schlittermann via Exim-users
Hi Andreas,

I believe, the issue is fixed now. I'd be happy, if you **or anybody
else** can give it a try. To avoid cluttering the official Exim repo,
this branch is still only in my private but public repositories:


https://git.exim.org/users/heiko/exim.git/shortlog/refs/heads/exim-4.94+fixes+taintwarn

https://gitea.schlittermann.de/heiko/exim/src/branch/exim-4.94+fixes+taintwarn

Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
 SCHLITTERMANN.de  internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --- key ID: F69376CE -




Re: [exim] "allow_insecure_tainted_data = yes" - was: tainted data issues

2021-04-12 Thread Heiko Schlittermann via Exim-users
Hi Andreas,

the problem isn't caused by the new allow_insecure_tainted_data, but
these warnings trigger the issue.

We're in progress fixing it.

-- 
Heiko




Re: [exim] "allow_insecure_tainted_data = yes" - was: tainted data issues

2021-04-11 Thread Heiko Schlittermann via Exim-users
Heiko Schlittermann via Exim-users (Sun 11 Apr 2021 09:08:10 CEST):
> Hi Andreas,
> 
> which commit ID your build is based on? I'd like to reproduce it
> locally.

I can reproduce it using a minimal config, going to check it now.
(The version I'm running on production systems doesn't do local
delivery.)

allow_insecure_tainted_data = yes

log_selector = +pid
acl_smtp_rcpt = accept

begin routers

accept:
  driver = accept
  check_local_user
  transport = local

begin transports

local:
  driver = appendfile
  group = mail
  file = /opt/exim/spool/mail/$local_part

-- 
Heiko




Re: [exim] "allow_insecure_tainted_data = yes" - was: tainted data issues

2021-04-11 Thread Heiko Schlittermann via Exim-users
Hi Andreas,

which commit ID your build is based on? I'd like to reproduce it
locally.

Andreas Metzler via Exim-users (Sun 11 Apr 2021 08:51:48 CEST):
> On 2021-04-06 Heiko Schlittermann via Exim-users  wrote:
> [...]
> > .ifdef _OPT_MAIN_ALLOW_INSECURE_TAINTED_DATA
> > allow_insecure_tainted_data = yes
> > .endif
> 
> Hello,
> 
> I just did a test build on the fixes branch, added the
> allow_insecure_tainted_data setting and changed the mail_spool
> transport:
> - file = /var/mail/$local_part_data
> + file = /var/mail/$local_part
> 
> Success was limited though. Without the patch the message delivery is
> deferred. With the patch the message is frozen for
> "allow_insecure_tainted_data = yes" (log file excerpt below).
> 
> ==> /var/log/exim4/mainlog <==
> 2021-04-11 08:26:08 1lVTXs-000F7W-0D <= ametz...@bebt.de H=localhost 
> (argenau.bebt.de) [::1] P=esmtp S=476 id=20210411082607.058...@argenau.bebt.de
> 2021-04-11 08:26:08 1lVTXs-000F7W-0D failed to read delivery status for 
> ametzler@localhost from delivery subprocess
> 
> Debug log:
…
> 08:26:08 58130 ╰──(tainted)
> 08:26:08 58130 LOG: MAIN
> 08:26:08 58130   Warning: Tainted '/var/mail/ametzler' (file or directory 
> name for mail_spool transport) not permitted
> 2021-04-11 08:26:08 1lVTXs-000F7W-0D Warning: Tainted '/var/mail/ametzler' 
> (file or directory name for mail_spool transport) not permitted
…
> 08:26:08 58130 lock name: /var/mail/ametzler.lock
> 08:26:08 58130 hitch name: 
> /var/mail/ametzler.lock.argenau.bebt.de.60729680.e312
> 08:26:08 58130 LOG: MAIN
> 08:26:08 58130   Warning: Tainted filename 
> '/var/mail/ametzler.lock.argenau.bebt.de.60729680.e312'

> 08:26:08 58128 LOG: MAIN PANIC
> 08:26:08 58128   failed to read delivery status for ametzler@localhost from 
> delivery subprocess

Is there any indication that the child (delivery process) crashed?

> BTW the build-log with patch is very noisy:
> ---
> cc -c -g -O2 -ffile-prefix-map=/dev/shm/EXIM4/exim-4.94=. 
> -fstack-protector-strong -Wformat -Werror=format-security  
> -D_LARGEFILE_SOURCE -fno-strict-aliasing -Wall -Wdate-time 
> -D_FORTIFY_SOURCE=2 -fvisibility=hidden  -DCOMPILE_UTILITY -o util-spool_in.o 
> spool_in.c
> In file included from exim.h:486,

I'll check that noise. Thx.

-- 
Heiko
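
With allow_insecure_tainted_data set, each tainted expansion shows up in the main log as a "Warning: Tainted ..." line, so those lines can serve as an inventory of what still needs de-tainting before the option is switched off again. The following is an added example, not part of the thread or of Exim; the sample log is constructed after the lines quoted above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the mainlog lines quoted in the thread
# (addresses and host names replaced with placeholders).
SAMPLE_MAINLOG = """\
2021-04-11 08:26:08 1lVTXs-000F7W-0D <= sender@example.org H=localhost [::1] P=esmtp S=476
2021-04-11 08:26:08 1lVTXs-000F7W-0D Warning: Tainted '/var/mail/ametzler' (file or directory name for mail_spool transport) not permitted
2021-04-11 08:26:08 1lVTXs-000F7W-0D Warning: Tainted filename '/var/mail/ametzler.lock.host.example.60729680.e312'
2021-04-11 08:31:40 [4242] 1lVTd2-000F9a-1Q Warning: Tainted '/var/mail/bob' (file or directory name for mail_spool transport) not permitted
2021-04-11 08:31:41 [4242] 1lVTd2-000F9a-1Q == bob@localhost R=local_user T=mail_spool defer (-1)
"""

# timestamp, optional [pid] (log_selector = +pid), optional message id, warning text
LINE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"
    r"(?: \[\d+\])?"
    r"(?: (?P<msgid>\w{6}-\w{6}-\w{2}))?"
    r" Warning: Tainted (?P<rest>.*)$"
)
# The two warning shapes that appear in the thread's log excerpt.
WITH_CONTEXT_RE = re.compile(r"^'(?P<value>[^']*)' \((?P<context>[^)]*)\) not permitted$")
FILENAME_RE = re.compile(r"^filename '(?P<value>[^']*)'$")


def parse_taint_warning(line):
    """Return {'msgid', 'context', 'value'} for a taint warning, else None."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rest = m.group("rest")
    detail = WITH_CONTEXT_RE.match(rest)
    if detail:
        context, value = detail.group("context"), detail.group("value")
    elif (detail := FILENAME_RE.match(rest)):
        context, value = "filename", detail.group("value")
    else:  # unknown wording: keep it visible rather than dropping it
        context, value = "unrecognised", rest
    return {"msgid": m.group("msgid"), "context": context, "value": value}


def summarise(log_text):
    """Group taint warnings by the option/context that produced them."""
    summary = defaultdict(lambda: {"count": 0, "values": set(), "msgids": set()})
    for line in log_text.splitlines():
        hit = parse_taint_warning(line)
        if hit is None:
            continue
        entry = summary[hit["context"]]
        entry["count"] += 1
        entry["values"].add(hit["value"])
        if hit["msgid"]:
            entry["msgids"].add(hit["msgid"])
    return dict(summary)


if __name__ == "__main__":
    for context, e in sorted(summarise(SAMPLE_MAINLOG).items()):
        print(f"{e['count']:4d}  {context}  e.g. {sorted(e['values'])[0]}")
```

An empty summary over a representative period of traffic is the signal that the configuration no longer relies on the option.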




Re: [exim] "allow_insecure_tainted_data = yes" - was: tainted data issues

2021-04-11 Thread Andreas Metzler via Exim-users
On 2021-04-06 Heiko Schlittermann via Exim-users  wrote:
[...]
> .ifdef _OPT_MAIN_ALLOW_INSECURE_TAINTED_DATA
> allow_insecure_tainted_data = yes
> .endif

Hello,

I just did a test build on the fixes branch, added the
allow_insecure_tainted_data setting and changed the mail_spool
transport:
- file = /var/mail/$local_part_data
+ file = /var/mail/$local_part

Success was limited though. Without the patch the message delivery is
deferred. With the patch the message is frozen for
"allow_insecure_tainted_data = yes" (log file excerpt below).

==> /var/log/exim4/mainlog <==
2021-04-11 08:26:08 1lVTXs-000F7W-0D <= ametz...@bebt.de H=localhost 
(argenau.bebt.de) [::1] P=esmtp S=476 id=20210411082607.058...@argenau.bebt.de
2021-04-11 08:26:08 1lVTXs-000F7W-0D failed to read delivery status for 
ametzler@localhost from delivery subprocess

Debug log:
08:26:08 58128 R: local_user for ametzler@localhost
08:26:08 58128 calling local_user router
08:26:08 58128 local_user router called for ametzler@localhost
08:26:08 58128   domain = localhost
08:26:08 58128 set transport mail_spool
08:26:08 58128 queued for mail_spool transport: local_part = ametzler
08:26:08 58128 domain = localhost
08:26:08 58128   errors_to=NULL
08:26:08 58128   domain_data=localhost local_part_data=ametzler
08:26:08 58128 routed by local_user router
08:26:08 58128   envelope to: ametzler@localhost
08:26:08 58128   transport: mail_spool
08:26:08 58128 >>
08:26:08 58128 After routing:
08:26:08 58128   Local deliveries:
08:26:08 58128 ametzler@localhost
08:26:08 58128   Remote deliveries:
08:26:08 58128   Failed addresses:
08:26:08 58128   Deferred addresses:
08:26:08 58128 search_tidyup called
08:26:08 58128  Local deliveries 
08:26:08 58128 > ametzler@localhost <
08:26:08 58128  locking /var/spool/exim4/db/retry.lockfile
08:26:08 58128  locked  /var/spool/exim4/db/retry.lockfile
08:26:08 58128  EXIM_DBOPEN: file  dir 
 flags=O_RDONLY
08:26:08 58128  returned from EXIM_DBOPEN: 0x55693f0b8380
08:26:08 58128  opened hints database /var/spool/exim4/db/retry: flags=O_RDONLY
08:26:08 58128  dbfn_read: key=T:ametzler@localhost
08:26:08 58128 retry record exists: age=5m11s (max 1w)
08:26:08 58128   time to retry = 9m49s expired = 0
08:26:08 58128  EXIM_DBCLOSE(0x55693f0b8380)
08:26:08 58128  closed hints database and lockfile
08:26:08 58128 search_tidyup called
08:26:08 58128 daemon-accept-delivery forking for delivery-local
08:26:08 58128 daemon-accept-delivery forked for delivery-local: 58130
08:26:08 58130 postfork: delivery-local
08:26:08 58130 changed uid/gid: local delivery to ametzler  
transport=mail_spool
08:26:08 58130   uid=1001 gid=8 pid=58130
08:26:08 58130   auxiliary group list: 
08:26:08 58130   home=/home/ametzler current=/home/ametzler
08:26:08 58130 set_process_info: 58130 delivering 1lVTXs-000F7W-0D to ametzler 
using mail_spool
08:26:08 58130  ╭considering: T: appendfile for $local_part@$domain
08:26:08 58130  ├──expanding: T: appendfile for $local_part@$domain
08:26:08 58130  ╰─result: T: appendfile for ametzler@localhost
08:26:08 58130 ╰──(tainted)
08:26:08 58130 T: appendfile for ametzler@localhost
08:26:08 58130 appendfile transport entered
08:26:08 58130  ╭considering: /var/mail/$local_part
08:26:08 58130  ├──expanding: /var/mail/$local_part
08:26:08 58130  ╰─result: /var/mail/ametzler
08:26:08 58130 ╰──(tainted)
08:26:08 58130 LOG: MAIN
08:26:08 58130   Warning: Tainted '/var/mail/ametzler' (file or directory name 
for mail_spool transport) not permitted
2021-04-11 08:26:08 1lVTXs-000F7W-0D Warning: Tainted '/var/mail/ametzler' 
(file or directory name for mail_spool transport) not permitted
08:26:08 58130 appendfile: mode=660 notify_comsat=0 quota=0 warning=0
08:26:08 58130   file=/var/mail/ametzler format=unix
08:26:08 58130   message_prefix=From ${if 
def:return_path{$return_path}{MAILER-DAEMON}} ${tod_bsdinbox}\n
08:26:08 58130   message_suffix=\n
08:26:08 58130   maildir_use_size_file=no
08:26:08 58130   locking by lockfile fcntl
08:26:08 58130 lock name: /var/mail/ametzler.lock
08:26:08 58130 hitch name: 
/var/mail/ametzler.lock.argenau.bebt.de.60729680.e312
08:26:08 58130 LOG: MAIN
08:26:08 58130   Warning: Tainted filename 
'/var/mail/ametzler.lock.argenau.bebt.de.60729680.e312'
08:26:08 58128 LOG: MAIN PANIC
08:26:08 58128   failed to read delivery status for ametzler@localhost from 
delivery subprocess
08:26:08 58128 LOG: MAIN PANIC
08:26:08 58128   appendfile transport process returned non-zero status 0x0100: 
exit code 1
08:26:08 58128 mail_spool transport returned DEFER for ametzler@localhost
08:26:08 58128 added retry item for T:ametzler@localhost: errno=-1 more_errno=0 
flags=0
08:26:08 58128 post-process ametzler@localhost (1)
08:26:08 58128 LOG: MAIN
08:26:08 58128   == ametzler@localhost R=local_user T=mail_spool defer (-1)

BTW the build-log with 

Re: [exim] "allow_insecure_tainted_data = yes" - was: tainted data issues

2021-04-10 Thread Heiko Schlittermann via Exim-users
Andreas Metzler via Exim-users (Sat 10 Apr 2021 18:06:05 CEST):
> On 2021-04-06 Heiko Schlittermann via Exim-users  wrote:
> [...]
> > .ifdef _OPT_MAIN_ALLOW_INSECURE_TAINTED_DATA
> > allow_insecure_tainted_data = yes
> > .endif
> [...]
> > Suggestions, question, remarks are welcome.
> 
> Nitpicks:
> * The changes to doc/NewStuff should not be on +fixes.
> * typos in spec.xftp: s/acessing/accessing/

Ok, I'll fix that, thank you.

-- 
Heiko




Re: [exim] "allow_insecure_tainted_data = yes" - was: tainted data issues

2021-04-10 Thread Heiko Schlittermann via Exim-users
Andreas Metzler via Exim-users (Sat 10 Apr 2021 17:37:56 CEST):
> On 2021-04-06 Heiko Schlittermann via Exim-users  wrote:
> [...]
> > .ifdef _OPT_MAIN_ALLOW_INSECURE_TAINTED_DATA
> > allow_insecure_tainted_data = yes
> > .endif
> [...]
> > But as soon as the work stabilizes, it will be merged into the upstream
> > source. (For now, please expect changes in the commit history!)
> [...]
> > Suggestions, question, remarks are welcome.
> 
> Thank you Heiko!
> 
> I plan to add this to the next Debian release but without "taintwarn:
> set allow_insecure_data = true for 4.94+fixes". - I think it will work
> out better if we have a big fat warning

It would be good if we find more testers.
Anybody out there?

Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
 SCHLITTERMANN.de  internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --- key ID: F69376CE -




Re: [exim] "allow_insecure_tainted_data = yes" - was: tainted data issues

2021-04-10 Thread Andreas Metzler via Exim-users
On 2021-04-06 Heiko Schlittermann via Exim-users  wrote:
[...]
> .ifdef _OPT_MAIN_ALLOW_INSECURE_TAINTED_DATA
> allow_insecure_tainted_data = yes
> .endif
[...]
> Suggestions, question, remarks are welcome.

Nitpicks:
* The changes to doc/NewStuff should not be on +fixes.
* typos in spec.xftp: s/acessing/accessing/

cu Andreas



Re: [exim] "allow_insecure_tainted_data = yes" - was: tainted data issues

2021-04-10 Thread Andreas Metzler via Exim-users
On 2021-04-06 Heiko Schlittermann via Exim-users  wrote:
[...]
> .ifdef _OPT_MAIN_ALLOW_INSECURE_TAINTED_DATA
> allow_insecure_tainted_data = yes
> .endif
[...]
> But as soon as the work stabilizes, it will be merged into the upstream
> source. (For now, please expect changes in the commit history!)
[...]
> Suggestions, question, remarks are welcome.

Thank you Heiko!

I plan to add this to the next Debian release but without "taintwarn:
set allow_insecure_data = true for 4.94+fixes". - I think it will work
out better if we have a big fat warning

| Consider this a major exim release, almost all customized configurations
| will require changes ...

and a note on how to *temporarily* work around this by setting
allow_insecure_tainted_data in advance.

If I do not do this I expect a neverending list of reports about either
spammed logfile or breakage reports on 4.95.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
