There is also a command line option &%-pd%& (for delay) which suppresses the
initial startup, even if &%perl_at_start%& is set.
+.ilist
+.oindex "&%perl_taintmode%&"
+To provide more security executing Perl code via the embedded Perl
+interpeter, the &%perl_taintmode%& option can be set. This enables the
+taint mode of the Perl interpreter. You are encouraged to set this
+option to a true value. To avoid breaking existing installations, it
+defaults to false.
+
.section "Calling Perl subroutines" "SECID86"
When the configuration file includes a &%perl_startup%& option you can make use
.table2
.row &%perl_at_start%& "always start the interpreter"
.row &%perl_startup%& "code to obey when starting Perl"
+.row &%perl_taintmode%& "enable taint mode in Perl"
.endtable
.option perl_at_start main boolean false
+.cindex "Perl"
This option is available only when Exim is built with an embedded Perl
interpreter. See chapter &<<CHAPperl>>& for details of its use.
.option perl_startup main string unset
+.cindex "Perl"
This option is available only when Exim is built with an embedded Perl
interpreter. See chapter &<<CHAPperl>>& for details of its use.
+.option perl_startup main boolean false
+.cindex "Perl"
+This Option enables the taint mode of the embedded Perl interpreter.
+
.option pgsql_servers main "string list" unset
.cindex "PostgreSQL lookup type" "server list"
JH/36 Bug 1659: Guard checking of input smtp commands again pseudo-command
added for tls authenticator.
+HS/03 Add perl_taintmode main config option
+
Exim version 4.85
-----------------
--- /dev/null
+perl_startup = $| = 1; print "<${^TAINT}>\n";
+perl_taintmode = yes
uschar *opt_perl_startup = NULL;
BOOL opt_perl_at_start = FALSE;
BOOL opt_perl_started = FALSE;
+BOOL opt_perl_taintmode = FALSE;
#endif
#ifdef EXPAND_DLFUNC
extern uschar *opt_perl_startup; /* Startup code for Perl interpreter */
extern BOOL opt_perl_at_start; /* Start Perl interpreter at start */
extern BOOL opt_perl_started; /* Set once interpreter started */
+extern BOOL opt_perl_taintmode; /* Enable taint mode in Perl */
#endif
#ifdef EXPAND_DLFUNC
/* This Perl add-on can be distributed under the same terms as Exim itself. */
/* See the file NOTICE for conditions of use and distribution. */
+#include <assert.h>
#include "exim.h"
#define EXIM_TRUE TRUE
uschar *
init_perl(uschar *startup_code)
{
- static int argc = 2;
- static char *argv[3] = { "exim-perl", "/dev/null", 0 };
+ static int argc = 1;
+ static char *argv[4] = { "exim-perl" };
SV *sv;
STRLEN len;
+ if (opt_perl_taintmode) argv[argc++] = "-T";
+ argv[argc++] = "/dev/null";
+ argv[argc] = 0;
+
+ assert(sizeof(argv)/sizeof(argv[0]) > argc);
+
if (interp_perl) return 0;
interp_perl = perl_alloc();
perl_construct(interp_perl);
#ifdef EXIM_PERL
{ "perl_at_start", opt_bool, &opt_perl_at_start },
{ "perl_startup", opt_stringptr, &opt_perl_startup },
+ { "perl_taintmode", opt_bool, &opt_perl_taintmode },
#endif
#ifdef LOOKUP_PGSQL
{ "pgsql_servers", opt_stringptr, &pgsql_servers },
projects / exim.git / commitdiff