Making pglister work with exim 4.96+ - Mailing list pgsql-www

From Célestin Matte
Subject Making pglister work with exim 4.96+
Date
Msg-id cfce8f62-f87d-4681-af7f-6edf2fb307c3@cmatte.me
Responses Re: Making pglister work with exim 4.96+  (Magnus Hagander <magnus@hagander.net>)
List pgsql-www
Exim introduced variable tainting as a security measure starting from exim 4.93. Starting from exim 4.96, tainting is
mandatory for commands. This means that it is no longer possible to pass variables to pglister's inject.py (which
requires passing $sender_address, $local_part, $domain and $header_message-id) or pgarchives' load_message.py (which
requires passing $local_part).
 

Exim, while enforcing these strict security policies, only provides the possibility to de-taint variables in very
specific situations (explicit matching with a list). The problem is known and discussed here [1]. This is very annoying in
our case, as $sender_address or $header_message-id can be pretty much anything (and no, matching against a regexp is not
sufficient to de-taint).
 
I've been scratching my head over this for a while and can't figure out a proper way to fix this issue. A possible
workaround would be to blindly de-taint anything using an ugly hack [2] but that defeats the purpose of having variable
tainting in the first place, and doesn't seem like a valid, long-term, production-ready solution.
 

I'm starting to wonder if the only solution would be to have pglister fetch information from exim in some way, instead
of the other way around.
 

Any idea?

[1] : https://lists.exim.org/lurker/message/20201109.222746.24ea3904.fi.html
[2] : https://jimbobmcgee.wordpress.com/2020/07/29/de-tainting-exim-configuration-variables/

-- 
Célestin Matte
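
An added example, not part of the original message and not pglister's own code: one way a receiving script could obtain the values the message lists without any of them appearing in the transport's command line. It assumes delivery through Exim's pipe transport, which exports SENDER, LOCAL_PART and DOMAIN in the command's environment and writes the message to stdin; the function name and sample data are hypothetical.

```python
import os
import sys
from email.parser import BytesParser

REQUIRED_ENV = ("SENDER", "LOCAL_PART", "DOMAIN")

# Constructed sample input, used only to illustrate the expected shapes.
SAMPLE_ENV = {"SENDER": "alice@example.org", "LOCAL_PART": "pgsql-test",
              "DOMAIN": "lists.example.org"}
SAMPLE_MESSAGE = (b"From: Alice <alice@example.org>\n"
                  b"To: pgsql-test@lists.example.org\n"
                  b"Message-ID: <abc123@example.org>\n"
                  b"Subject: test\n\nbody\n")


def delivery_metadata(environ, raw_message):
    """Return the values that would otherwise be passed as arguments.

    Envelope data comes from the environment set up by the pipe transport;
    the Message-ID is parsed from the message itself. Everything returned
    is still attacker-controlled input and must be treated as such.
    """
    missing = [k for k in REQUIRED_ENV if k not in environ]
    if missing:
        raise KeyError("missing from environment: " + ", ".join(missing))
    # Parse headers only; the body is not needed to find Message-ID.
    headers = BytesParser().parsebytes(raw_message, headersonly=True)
    message_id = headers.get("Message-ID")
    if message_id is not None:
        # Collapse folding whitespace left over from a wrapped header.
        message_id = " ".join(str(message_id).split())
    return {
        "sender": environ["SENDER"],  # empty string for a null sender
        "local_part": environ["LOCAL_PART"],
        "domain": environ["DOMAIN"],
        "message_id": message_id,
    }


if __name__ == "__main__":
    meta = delivery_metadata(os.environ, sys.stdin.buffer.read())
    for key, value in meta.items():
        print(f"{key}={value!r}")
```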


