From: Jeremy Harris Date: Wed, 8 Jan 2020 13:51:42 +0000 (+0000) Subject: Docs: warn against using $local_part directly in delivery X-Git-Url: https://git.exim.org/users/jgh/exim.git/commitdiff_plain/cf8b2c5789b6b6cfc2bb0dd84753ed7ec746d444?ds=sidebyside Docs: warn against using $local_part directly in delivery --- diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 4d02bdc32..8b1522795 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -6362,7 +6362,7 @@ All other options are defaulted. .code local_delivery: driver = appendfile - file = /var/mail/$local_part + file = /var/mail/$home delivery_date_add envelope_to_add return_path_add @@ -12385,6 +12385,18 @@ Global address rewriting happens when a message is received, so the value of because a message may have many recipients and the system filter is called just once. +.new +&*Warning*&: the content of this variable is provided by a potential attacker. +Consider carefully the implications of using it unvalidated as a name +for file access. +This presents issues for users' &_.forward_& and filter files. +For traditional full user accounts, use &%check_local_users%& and the &$home$& +variable rather than this one. +For virtual users, store a suitable pathname component in the database +which is used for account name validation, and use that retrieved value +rather than this variable. +.wen + .vindex "&$local_part_prefix$&" .vindex "&$local_part_suffix$&" .cindex affix variables @@ -20528,6 +20540,15 @@ is not the case when the file contains syntactically valid items that happen to yield empty addresses, for example, items containing only RFC 2822 address comments. +.new +&*Warning*&: It is unwise to use &$local_part$& or &$domain$& +directly for redirection, +as they are provided by a potential attacker. +In the examples above, &$local_part$& is used for looking up data held locally +on the system, and not used directly (the second example derives &$home$& via +the passsword file or database, using &$local_part$&). +.wen + .section "Forward files and address verification" "SECID125" diff --git a/src/src/configure.default b/src/src/configure.default index cf38305e5..08f5a9d10 100644 --- a/src/src/configure.default +++ b/src/src/configure.default @@ -863,7 +863,7 @@ smarthost_smtp: local_delivery: driver = appendfile - file = /var/mail/$local_part + file = /var/mail/$home delivery_date_add envelope_to_add return_path_add