Page MenuHomePhabricator
Create Task
Maniphest T305962

Exim emitting warnings about tainted filenames
Closed, ResolvedPublicBUG REPORT
Actions

Description

We presently get a lot of these messages in our exim logs:

2022-04-11 21:47:15 Warning: Tainted filename for search '/etc/exim4/aliases/wikimedia.org'
2022-04-11 21:47:15 Warning: Tainted filename '/etc/exim4/aliases/wikimedia.org'
2022-04-11 21:47:15 Warning: Tainted filename for search '/etc/exim4/aliases/wikimedia.org'

These are due to using $domain, which is under the control of the email sender, as the value for a filename. Exim does not allow you to use sender controlled data for filename lookups. Instead we should switch to $domain_data which is the value of a domain lookup.

Details

ProjectBranchLines +/-Subject
operations/puppetproduction+3 -3mx: use $domain_data rather than $domain for aliases
Customize query in gerrit

Event Timeline

jhathaway created this task.Apr 12 2022, 4:16 PM
Restricted Application added a project: Infrastructure-Foundations. · View Herald TranscriptApr 12 2022, 4:16 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
gerritbot added a comment.Apr 12 2022, 4:22 PM

Change 779504 had a related patch set uploaded (by JHathaway; author: JHathaway):

[operations/puppet@production] mx: use $domain_data rather than $domain for aliases

https://gerrit.wikimedia.org/r/779504

gerritbot added a project: Patch-For-Review.Apr 12 2022, 4:22 PM
jhathaway added a comment.Apr 12 2022, 7:28 PM

Mailing list discussion, https://www.mail-archive.com/exim-users@exim.org/msg57122.html

gerritbot added a comment.Apr 13 2022, 6:52 PM

Change 779504 merged by JHathaway:

[operations/puppet@production] mx: use $domain_data rather than $domain for aliases

https://gerrit.wikimedia.org/r/779504

jhathaway closed this task as Resolved.Apr 13 2022, 7:00 PM
jhathaway claimed this task.

merged!

Maintenance_bot removed a project: Patch-For-Review.Apr 13 2022, 7:30 PM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL