From 2f680c0c44778f97c056fb06d60fb03f4cf69c31 Mon Sep 17 00:00:00 2001 From: "Heiko Schlittermann (HS12-RIPE)" Date: Mon, 1 Feb 2016 13:13:27 +0100 Subject: [PATCH] Add perl_taintmode option --- doc/doc-docbook/spec.xfpt | 18 ++++++++++++++++++ doc/doc-txt/ChangeLog | 2 ++ doc/doc-txt/NewStuff | 3 +++ src/conf | 2 ++ src/src/globals.c | 1 + src/src/globals.h | 1 + src/src/perl.c | 11 +++++++++-- src/src/readconf.c | 1 + test/confs/3001 | 2 +- test/confs/3002 | 2 +- test/confs/3011 | 5 +++++ test/confs/3012 | 7 +++++++ test/scripts/3000-Perl/3011 | 3 +++ test/scripts/3000-Perl/3012 | 1 + test/stdout/3011 | 1 + test/stdout/3012 | 1 + 16 files changed, 57 insertions(+), 4 deletions(-) create mode 100644 src/conf create mode 100644 test/confs/3011 create mode 100644 test/confs/3012 create mode 100644 test/scripts/3000-Perl/3011 create mode 120000 test/scripts/3000-Perl/3012 create mode 100644 test/stdout/3011 create mode 100644 test/stdout/3012 diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index e30f17cc0..5eb3d1909 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -12977,6 +12977,17 @@ overriding the setting of &%perl_at_start%&. There is also a command line option &%-pd%& (for delay) which suppresses the initial startup, even if &%perl_at_start%& is set. +.new +.ilist +.oindex "&%perl_taintmode%&" +.cindex "Perl" "taintmode" +To provide more security executing Perl code via the embedded Perl +interpeter, the &%perl_taintmode%& option can be set. This enables the +taint mode of the Perl interpreter. You are encouraged to set this +option to a true value. To avoid breaking existing installations, it +defaults to false. +.wen + .section "Calling Perl subroutines" "SECID86" When the configuration file includes a &%perl_startup%& option you can make use @@ -13505,6 +13516,7 @@ listed in more than one group. .table2 .row &%perl_at_start%& "always start the interpreter" .row &%perl_startup%& "code to obey when starting Perl" +.row &%perl_taintmode%& "enable taint mode in Perl" .endtable @@ -15622,14 +15634,20 @@ local parts. Exim's default configuration does this. .option perl_at_start main boolean false +.cindex "Perl" This option is available only when Exim is built with an embedded Perl interpreter. See chapter &<>& for details of its use. .option perl_startup main string unset +.cindex "Perl" This option is available only when Exim is built with an embedded Perl interpreter. See chapter &<>& for details of its use. +.option perl_startup main boolean false +.cindex "Perl" +This Option enables the taint mode of the embedded Perl interpreter. + .option pgsql_servers main "string list" unset .cindex "PostgreSQL lookup type" "server list" diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 6c55bd82c..496e9d07e 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -329,6 +329,8 @@ JH/35 Bug 1642: Fix support of $spam_ variables at delivery time. Was JH/36 Bug 1659: Guard checking of input smtp commands again pseudo-command added for tls authenticator. +HS/03 Add perl_taintmode main config option + Exim version 4.85 ----------------- diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 4f369bc65..07e6f1dba 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -9,6 +9,9 @@ the documentation is updated, this file is reduced to a short list. Version 4.88 ------------ + 1. The new perl_tainmode option allows to run the embedded perl + interpreter in taint mode. + Version 4.87 ------------ diff --git a/src/conf b/src/conf new file mode 100644 index 000000000..1619c0da8 --- /dev/null +++ b/src/conf @@ -0,0 +1,2 @@ +perl_startup = $| = 1; print "<${^TAINT}>\n"; +perl_taintmode = yes diff --git a/src/src/globals.c b/src/src/globals.c index 8e5a4dfe8..be1fae849 100644 --- a/src/src/globals.c +++ b/src/src/globals.c @@ -49,6 +49,7 @@ duplicate them here... */ uschar *opt_perl_startup = NULL; BOOL opt_perl_at_start = FALSE; BOOL opt_perl_started = FALSE; +BOOL opt_perl_taintmode = FALSE; #endif #ifdef EXPAND_DLFUNC diff --git a/src/src/globals.h b/src/src/globals.h index 5a0b79eb1..72bb13919 100644 --- a/src/src/globals.h +++ b/src/src/globals.h @@ -28,6 +28,7 @@ typedef volatile sig_atomic_t SIGNAL_BOOL; extern uschar *opt_perl_startup; /* Startup code for Perl interpreter */ extern BOOL opt_perl_at_start; /* Start Perl interpreter at start */ extern BOOL opt_perl_started; /* Set once interpreter started */ +extern BOOL opt_perl_taintmode; /* Enable taint mode in Perl */ #endif #ifdef EXPAND_DLFUNC diff --git a/src/src/perl.c b/src/src/perl.c index 543b5d27d..fbe9ee842 100644 --- a/src/src/perl.c +++ b/src/src/perl.c @@ -13,6 +13,7 @@ /* This Perl add-on can be distributed under the same terms as Exim itself. */ /* See the file NOTICE for conditions of use and distribution. */ +#include #include "exim.h" #define EXIM_TRUE TRUE @@ -95,11 +96,17 @@ static void xs_init(pTHX) uschar * init_perl(uschar *startup_code) { - static int argc = 2; - static char *argv[3] = { "exim-perl", "/dev/null", 0 }; + static int argc = 1; + static char *argv[4] = { "exim-perl" }; SV *sv; STRLEN len; + if (opt_perl_taintmode) argv[argc++] = "-T"; + argv[argc++] = "/dev/null"; + argv[argc] = 0; + + assert(sizeof(argv)/sizeof(argv[0]) > argc); + if (interp_perl) return 0; interp_perl = perl_alloc(); perl_construct(interp_perl); diff --git a/src/src/readconf.c b/src/src/readconf.c index 5ca6a8476..ba4cb668b 100644 --- a/src/src/readconf.c +++ b/src/src/readconf.c @@ -349,6 +349,7 @@ static optionlist optionlist_config[] = { #ifdef EXIM_PERL { "perl_at_start", opt_bool, &opt_perl_at_start }, { "perl_startup", opt_stringptr, &opt_perl_startup }, + { "perl_taintmode", opt_bool, &opt_perl_taintmode }, #endif #ifdef LOOKUP_PGSQL { "pgsql_servers", opt_stringptr, &pgsql_servers }, diff --git a/test/confs/3001 b/test/confs/3001 index 86ecee108..bc0e7e771 100644 --- a/test/confs/3001 +++ b/test/confs/3001 @@ -1,4 +1,4 @@ -# exim test configuration 0615 +# exim test configuration 3001 exim_path = EXIM_PATH tls_advertise_hosts = spool_directory = DIR/spool diff --git a/test/confs/3002 b/test/confs/3002 index 7962d9734..9b668f002 100644 --- a/test/confs/3002 +++ b/test/confs/3002 @@ -1,4 +1,4 @@ -# exim test configuration 0616 +# exim test configuration 3002 exim_path = EXIM_PATH keep_environment = ^FOO\d : BAR add_environment = ADDED1=added1 : ADDED2=added2 diff --git a/test/confs/3011 b/test/confs/3011 new file mode 100644 index 000000000..f584ff517 --- /dev/null +++ b/test/confs/3011 @@ -0,0 +1,5 @@ +# exim test configuration 3011 +exim_path = EXIM_PATH +tls_advertise_hosts = +spool_directory = DIR/spool +perl_startup = sub taint_flag { ${^TAINT} ? 'ON' : 'OFF' } diff --git a/test/confs/3012 b/test/confs/3012 new file mode 100644 index 000000000..505e49f94 --- /dev/null +++ b/test/confs/3012 @@ -0,0 +1,7 @@ +# exim test configuration 3012 +exim_path = EXIM_PATH +keep_environment = ^FOO\d : BAR +add_environment = ADDED1=added1 : ADDED2=added2 +tls_advertise_hosts = +perl_startup = sub taint_flag { ${^TAINT} ? 'ON' : 'OFF' } +perl_taintmode = yes diff --git a/test/scripts/3000-Perl/3011 b/test/scripts/3000-Perl/3011 new file mode 100644 index 000000000..87b32e7cf --- /dev/null +++ b/test/scripts/3000-Perl/3011 @@ -0,0 +1,3 @@ +# Perl w/o taintmode +exim -be '${perl{taint_flag}}' +**** diff --git a/test/scripts/3000-Perl/3012 b/test/scripts/3000-Perl/3012 new file mode 120000 index 000000000..3ae81fbb2 --- /dev/null +++ b/test/scripts/3000-Perl/3012 @@ -0,0 +1 @@ +3011 \ No newline at end of file diff --git a/test/stdout/3011 b/test/stdout/3011 new file mode 100644 index 000000000..6506cb3d7 --- /dev/null +++ b/test/stdout/3011 @@ -0,0 +1 @@ +OFF diff --git a/test/stdout/3012 b/test/stdout/3012 new file mode 100644 index 000000000..76371f28f --- /dev/null +++ b/test/stdout/3012 @@ -0,0 +1 @@ +ON -- 2.30.2