
Bug#988078: release-notes: add information regarding exim4 and 'tainted data' issue



Control: tags -1 patch

Hi Paul, Andreas,

On 10-05-2021 05:58, Justin B Rye wrote:
> (Is it possible we could shorten this by pointing to some external
> reference here?)

I'd like this too.

> So if I'm getting this formatting right it would be:

There was one bug, and I improved the display of the programlistings a
bit (we reserve <screen> for the command window). Attached my local
commit, ready to push if no updates arrive.

Paul
From a6b790206c76974b5b9eb32d75674fee5655efff Mon Sep 17 00:00:00 2001
From: Paul Gevers <elbrus@debian.org>
Date: Thu, 13 May 2021 22:27:50 +0200
Subject: [PATCH] issues.dbk: Exim 4.94 major upgrade: tainted data

Closes: #988078
---
 en/issues.dbk | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 72 insertions(+), 1 deletion(-)

diff --git a/en/issues.dbk b/en/issues.dbk
index 82a8a60b..43c9534e 100644
--- a/en/issues.dbk
+++ b/en/issues.dbk
@@ -337,7 +337,78 @@ kernel.unprivileged_userns_clone = 0
       </para>
     </section>
 
-    <section id="before-first-reboot">
+  <section>
+    <title>Exim 4.94</title>
+    <para>
+      Please consider the version of Exim in bullseye a
+      <emphasis>major</emphasis> Exim upgrade. It introduces the
+      concept of tainted data read from untrusted sources, like e.g.
+      message sender or recipient. This tainted data (e.g.
+      <literal>$local_part</literal> or <literal>$domain</literal>)
+      cannot be used among other things as a file or directory name or
+      command name.
+    </para>
+    <para>
+      This <emphasis>will break</emphasis> configurations which are
+      not updated accordingly. Old Debian Exim configuration files
+      also will not work unmodified; the new configuration needs to be
+      installed with local modifications merged in.
+    </para>
+    <para>
+      Typical nonworking examples include:
+    </para>
+    <itemizedlist>
+      <listitem>
+        <para>
+          Delivery to <filename>/var/mail/$local_part</filename>. Use
+          <literal>$local_part_data</literal> in combination with
+          <literal>check_local_user</literal>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Using
+        </para>
+        <programlisting>
+data = ${lookup{$local_part}lsearch{/some/path/$domain/aliases}}
+</programlisting>
+        <para>
+          instead of
+        </para>
+        <programlisting>
+data = ${lookup{$local_part}lsearch{/some/path/$domain_data/aliases}}
+</programlisting>
+        <para>
+          for a virtual domain alias file.
+        </para>
+      </listitem>
+    </itemizedlist>
+    <para>
+      The basic strategy for dealing with this change is to use the
+      result of a lookup in further processing instead of the original
+      (remote provided) value.
+    </para>
+    <para>
+      To ease upgrading there is a new main configuration option to
+      temporarily downgrade taint errors to warnings, letting the old
+      configuration work with the newer Exim. To make use of this
+      feature add
+     </para>
+     <programlisting>
+.ifdef _OPT_MAIN_ALLOW_INSECURE_TAINTED_DATA
+ allow_insecure_tainted_data = yes
+.endif
+</programlisting>
+     <para>
+      to the Exim configuration (e.g. to
+      <filename>/etc/exim4/exim4.conf.localmacros</filename>)
+      <emphasis>before</emphasis> upgrading and check the logfile for
+      taint warnings. This is a temporary workaround which is already
+      marked for removal on introduction.
+    </para>
+  </section>
+
+  <section id="before-first-reboot">
       <title>Things to do post upgrade before rebooting</title>
       <!-- If there is nothing to do -->
       <para>
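Review bot: The indentation in this hunk is inconsistent with the surrounding file and with itself: the existing closing `</section>` just above the new block sits at four spaces, but the added `<section>` and `<title>` are at two, its `<para>` and `<itemizedlist>` children at four, three lines around the `allow_insecure_tainted_data` listing (`     </para>`, `     <programlisting>`, `     <para>`) at five, and the re-added `<section id="before-first-reboot">` is moved from four spaces to two while its unchanged `<title>` child stays at six. Re-indent the whole added block to the existing four-space nesting so that `before-first-reboot` opens at the same depth it closes at and its children are indented relative to it. Separately, the thread asked for an external reference so this text could be shortened, and the hunk adds none; a DocBook `<ulink>` to the upstream Exim documentation on tainted data in the first `<para>` would give readers the full rule set and let the inline examples stay brief.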
-- 
2.30.2
