On Sat, Nov 25, 2006 at 11:42:17AM +0100, Marc Haber wrote: > Agreed. We're going to introduce basic input sanitazion post-etch. > Sorry, but this is simply too late for etch now.
Maybe it's late (or dangerous) to do so in the config scripts but, ¿how about chaning exim4's (server) init.d script so that it warns on startup if it finds a botched (i.e. with non-ASCII chars) /etc/mailname? That way (on installation, when exim4 is started) the user would be presented a warning (or error) that the installation is not OK and presented with a proper message. How about the attached patch improving this? Regards Javier
--- exim4.orig 2006-11-25 13:01:32.000000000 +0100
+++ exim4 2006-11-25 13:06:59.000000000 +0100
@@ -41,6 +41,7 @@
UPEX4OPTS=''
PIDFILE="/var/run/exim4/exim.pid"
QRPIDFILE="/var/run/exim4/eximqr.pid"
+MAILNAME=/etc/mailname
[ -f /etc/default/exim4 ] && . /etc/default/exim4
upex4conf() {
@@ -208,6 +209,20 @@
fi
}
+# check the mailname
+ismailnamevalid()
+{
+# does it exist?
+if [ ! -e "$MAILNAME" ] ; then
+ log 1 "Error! /etc/mailname is missing. Exiting."
+ exit 1
+fi
+# does it contains invalid (non-ASCII) characters?
+if cat -v "$MAILNAME" | grep -q '\^' ; then
+ log 1 "Warning! /etc/mailname contains invalid (non-ASCII) characters.
Please review its contents."
+fi
+}
+
# check for non-empty paniclog
warn_paniclog()
{
@@ -224,6 +239,7 @@
# regenerate exim4.conf
upex4conf
isconfigvalid
+ ismailnamevalid
start_exim
log_end_msg 0
warn_paniclog
signature.asc
Description: Digital signature
