Bug 6358 - Configuration options from file now tainted
Summary: Configuration options from file now tainted
Status: RESOLVED WONTFIX
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: Libraries (show other bugs)
Version: 3.3.0
Hardware: All Linux
: P5 minor
Target Milestone: Undefined
Assignee: SpamAssassin Developer Mailing List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-03-02 11:25 UTC by decoder@own-hero.net
Modified: 2019-07-31 04:49 UTC (History)
3 users (show)


Attachment Type Modified Status Actions Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description decoder@own-hero.net 2010-03-02 11:25:24 UTC 
Hello there,


opening this in bugzilla to discuss here (as discussed via mail before):

Since SA 3.3.0, SA seems to consider variables that are read from configuration files as tainted, even if they are read through the normal SA configuration parser API. I don't really see the point for this because these options are meant to be controlled by the user (explicitly), that's why they are in a configuration file. In my case, these are even controlled only by the system administrator. Furthermore, the SA parser already performs checks on these values based on that is specified in the parser options.

Unfortunately, this change hasn't even been listed in the ChangeLog (apologies if it is listed and I just haven't seen it yet), so I don't fully know yet when something is considered tainted and when not.

What is the preferred way/recommendation of the devs here? As a short fix, I untainted all configuration values again after the parser has finished.


Cheers,


Chris
Comment 1 Kevin A. McGrail 2012-01-18 23:44:19 UTC 
Can you mention a real-world problem this causes, please?
Comment 2 decoder@own-hero.net 2012-01-18 23:50:37 UTC 
Although this bug is ancient and I don't maintain the plugin anymore, this caused plugins to malfunction if they did not explicitly untaint configuration values that the SA config parser gave them.
Comment 3 Henrik Krohns 2019-07-31 04:49:23 UTC 
Closing old stale bug. Anything read from outside is tainted, and should be assumed hostile unless verified otherwise. Users and even update channels can be malicious.