diff options
| author | Phil Pennock <pdp@exim.org> | 2013-10-24 20:38:28 -0400 |
|---|---|---|
| committer | Phil Pennock <pdp@exim.org> | 2013-10-24 20:46:27 -0400 |
| commit | 69aca2feaca1ebbc55c6f1adaee4738dc328ae90 (patch) | |
| tree | 80107965445f7db62006f68bd4cd573447bc2211 | |
| parent | b79bf0ff013a1cbb22845ffa15411d5af30bf278 (diff) | |
| download | exim4-exim-4_82.tar.gz | |
Doc/Spec: section "Trust in configuration data"exim-4_82
| -rw-r--r-- | doc/doc-docbook/spec.xfpt | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index ec01e1669..c71dfda73 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -35863,6 +35863,8 @@ are given in chapter &<<CHAPappendfile>>&. .new .section "Running local commands" "SECTsecconslocalcmds" +.cindex "security" "local commands" +.cindex "security" "command injection attacks" There are a number of ways in which an administrator can configure Exim to run commands based upon received, untrustworthy, data. Further, in some configurations a user who can control a &_.forward_& file can also arrange to @@ -35907,6 +35909,41 @@ Consider the use of the &%inlisti%& expansion condition instead. + +.new +.section "Trust in configuration data" "SECTsecconfdata" +.cindex "security" "data sources" +.cindex "security" "regular expressions" +.cindex "regular expressions" "security" +.cindex "PCRE" "security" +If configuration data for Exim can come from untrustworthy sources, there +are some issues to be aware of: + +.ilist +Use of &%${expand...}%& may provide a path for shell injection attacks. +.next +Letting untrusted data provide a regular expression is unwise. +.next +Using &%${match...}%& to apply a fixed regular expression against untrusted +data may result in pathological behaviour within PCRE. Be aware of what +"backtracking" means and consider options for being more strict with a regular +expression. Avenues to explore include limiting what can match (avoiding &`.`& +when &`[a-z0-9]`& or other character class will do), use of atomic grouping and +possessive quantifiers or just not using regular expressions against untrusted +data. +.next +It can be important to correctly use &%${quote:...}%&, +&%${quote_local_part:...}%& and &%${quote_%&<&'lookup-type'&>&%:...}%& expansion +items to ensure that data is correctly constructed. +.next +Some lookups might return multiple results, even though normal usage is only +expected to yield one result. +.endlist +.wen + + + + .section "IPv4 source routing" "SECID272" .cindex "source routing" "in IP packets" .cindex "IP source routing" |