X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/abbb897e0327fb13fd9989b6aea559abd2f09b56..c0e5623309880dd34f93de2552cb3a930761ad53:/doc/doc-docbook/spec.xfpt?ds=sidebyside diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index d839df80b..c71dfda73 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -13039,7 +13039,7 @@ listed in more than one group. .section "TLS" "SECID108" .table2 .row &%gnutls_compat_mode%& "use GnuTLS compatibility mode" -.row &%gnutls_enable_pkcs11%& "allow GnuTLS to autoload PKCS11 modules" +.row &%gnutls_allow_auto_pkcs11%& "allow GnuTLS to autoload PKCS11 modules" .row &%openssl_options%& "adjust OpenSSL compatibility options" .row &%tls_advertise_hosts%& "advertise TLS to these hosts" .row &%tls_certificate%& "location of server certificate" @@ -14077,7 +14077,7 @@ implementations of TLS. .new -option gnutls_enable_pkcs11 main boolean unset +option gnutls_allow_auto_pkcs11 main boolean unset This option will let GnuTLS (2.12.0 or later) autoload PKCS11 modules with the p11-kit configuration files in &_/etc/pkcs11/modules/_&. @@ -35863,6 +35863,8 @@ are given in chapter &<>&. .new .section "Running local commands" "SECTsecconslocalcmds" +.cindex "security" "local commands" +.cindex "security" "command injection attacks" There are a number of ways in which an administrator can configure Exim to run commands based upon received, untrustworthy, data. Further, in some configurations a user who can control a &_.forward_& file can also arrange to 
@@ -35907,6 +35909,41 @@ Consider the use of the &%inlisti%& expansion condition instead. + +.new +.section "Trust in configuration data" "SECTsecconfdata" +.cindex "security" "data sources" +.cindex "security" "regular expressions" +.cindex "regular expressions" "security" +.cindex "PCRE" "security" +If configuration data for Exim can come from untrustworthy sources, there +are some issues to be aware of: + +.ilist +Use of &%${expand...}%& may provide a path for shell injection attacks. +.next +Letting untrusted data provide a regular expression is unwise. +.next +Using &%${match...}%& to apply a fixed regular expression against untrusted +data may result in pathological behaviour within PCRE. Be aware of what +"backtracking" means and consider options for being more strict with a regular +expression. Avenues to explore include limiting what can match (avoiding &`.`& +when &`[a-z0-9]`& or other character class will do), use of atomic grouping and +possessive quantifiers or just not using regular expressions against untrusted +data. +.next +It can be important to correctly use &%${quote:...}%&, +&%${quote_local_part:...}%& and &%${quote_%&<&'lookup-type'&>&%:...}%& expansion +items to ensure that data is correctly constructed. +.next +Some lookups might return multiple results, even though normal usage is only +expected to yield one result. +.endlist +.wen + + + + .section "IPv4 source routing" "SECID272" .cindex "source routing" "in IP packets" .cindex "IP source routing"
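Review bot: missing documentation in the hunk at -14077 (and the matching `.row` in the TLS table at -13039): the option becomes gnutls_allow_auto_pkcs11 with no mention of the old name gnutls_enable_pkcs11. If any build accepted the old spelling, a configuration that still sets it will not behave as its author expects, so the option text should note the rename. The description says "This option will let GnuTLS (2.12.0 or later) autoload PKCS11 modules" while the default is "unset"; please state explicitly what the unset default means for autoloading from /etc/pkcs11/modules/.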
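Review bot: terminology in the hunk at -35863: the new index entry under "Running local commands" is "command injection attacks", but the section added in the next hunk speaks of "shell injection attacks" and gets no matching index entry. Pick one term, or index both, so a reader searching the index for either phrase reaches both sections.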
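Review bot: missing guidance in the hunk at -35907: the first and last list items of "Trust in configuration data" name a risk without saying what to do about it. "Use of ${expand...} may provide a path for shell injection attacks" should say which data must not reach the expansion and cross-reference the "Running local commands" section (SECTsecconslocalcmds) just above. "Some lookups might return multiple results" gives neither the consequence nor a way to handle it. The PCRE item is the model to follow here, since it lists concrete options (tighter character classes, atomic grouping, possessive quantifiers). Style point: the hunk adds several blank lines before `.new` and after `.wen`; one of each matches the surrounding sections.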