
List:       exim-users
Subject:    Re: [exim] Should the taint checks apply to arguments?
From:       Evgeniy Berdnikov via Exim-users <exim-users () exim ! org>
Date:       2021-06-01 12:11:51
Message-ID: 20210601121151.GC2743 () protva ! ru

On Tue, Jun 01, 2021 at 12:56:04PM +0200, Sebastian via Exim-users wrote:
> Fetching in the argument via environment variable is safe (as long as you don't use it in the script
> for something dangerous, but that’s not exim's fault), since then you cannot use the variable to
> escape out of the shell.

 There was a bug in Bash: any environment variable containing "name(){...}"
 was interpreted as a function definition on shell startup. It has led to
 several exploits against Apache and other web servers distributed with
 innocent shell scripts (such as "printenv") in cgi-bin directories.
-- 
 Eugene Berdnikov

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
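
Added example, not part of the original message and not Exim's own code: a POSIX shell wrapper that screens an untrusted value before it is placed in a script's environment, and a scan of the current environment for the same shape. The variable name MAIL_ARG, the exit code 64 and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Screen untrusted data before it reaches a script's environment.

# Succeeds (exit 0) when the value begins like a function definition,
# the shape the bug described above caused Bash to parse at startup.
is_funcdef_shaped() {
    case $1 in
        '() {'* | '(){'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the names of variables in the current environment whose values
# are function-definition shaped, one per line, sorted.
# awk's ENVIRON is used so that multi-line values cannot confuse the scan.
scan_env() {
    awk 'BEGIN {
        for (name in ENVIRON)
            if (ENVIRON[name] ~ /^[(][)] ?[{]/) print name
    }' | sort
}

# Run a command with the untrusted value in MAIL_ARG (hypothetical name)
# and an otherwise minimal environment. Function-shaped values are
# refused with status 64 instead of being handed to the child.
# Usage: run_with_arg VALUE COMMAND [ARGS...]
run_with_arg() {
    value=$1
    shift
    if is_funcdef_shaped "$value"; then
        echo "refused: value is function-definition shaped" >&2
        return 64
    fi
    # env -i drops every inherited variable, so only the allow-listed
    # PATH and the screened value reach the script.
    env -i PATH=/usr/bin:/bin MAIL_ARG="$value" "$@"
}
```

The screen is a second layer only; a Bash build with the function-import fix is what actually closes the bug.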
