Critical vulnerability in Exim allowing code execution on the server with root privileges

A critical vulnerability (CVE-2019-10149) has been identified in the Exim mail server. It can lead to remote code execution on the server with root privileges while processing a specially crafted request. Exploitation has been confirmed in versions 4.87 through 4.91 inclusive, or in builds made with the EXPERIMENTAL_EVENT option.

In the default configuration the attack can be carried out without any particular difficulty by a local user, because the ACL "verify = recipient" is applied, which performs additional checks on external addresses. A remote attack becomes possible when the configuration is changed, for example when the server acts as a secondary MX for another domain, when the "verify = recipient" ACL is removed, or with certain changes to local_part_suffix. A remote attack is also possible if the attacker can keep the connection to the server open for 7 days (for example, by sending one byte per minute to avoid the inactivity timeout). At the same time, simpler vectors for remote exploitation of the problem may well exist.

The vulnerability is caused by incorrect validation of the recipient address in the deliver_message() function defined in the file /src/deliver.c. By manipulating the formatting of the address, an attacker can get their own data substituted into the arguments of a command invoked through execv() with root privileges. Exploitation requires none of the elaborate techniques used for buffer overflows or memory corruption; a simple substitution of characters is enough.

The problem stems from the use of the following construct for address conversion:

    /* the recipient address is pasted into an expansion string and then expanded */
    deliver_localpart = expand_string(
        string_sprintf("${local_part:%s}", new->address));
    deliver_domain = expand_string(
        string_sprintf("${domain:%s}", new->address));

The expand_string() function is an overly complex interpreter that, among other things, recognises the "${run{command arguments}}" item, which launches an external handler. Consequently, to attack within an SMTP session a local user only needs to send a command such as 'RCPT TO "username+${run{...}}@localhost"', where localhost is one of the hosts in the local_domains list and username is the name of an existing local user.

If the server acts as a mail relay, it is enough to send remotely a command such as 'RCPT TO "${run{...}}@relaydomain.com"', where relaydomain.com is one of the hosts listed in the relay_to_domains section of the configuration. Since Exim does not drop privileges by default (deliver_drop_privilege = false), commands passed via "${run{...}}" are executed as root.
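The safe alternative to the construct above is to split the recipient at its last '@' by copying bytes, so that no part of attacker-controlled input is ever handed to an expansion engine; the same "${" marker is also a useful thing to flag in mail logs. The following is an added illustration, not Exim's own code or its fix; the sample log lines are constructed and do not reproduce Exim's real log format.

```c
#include <stdio.h>
#include <string.h>

/* Flag an address that carries Exim expansion syntax. A plain SMTP
 * recipient never needs "${", so its presence in RCPT TO is worth logging. */
int address_has_expansion(const char *addr)
{
    return strstr(addr, "${") != NULL;
}

/* Split addr at the last '@' by copying bytes; nothing is interpreted,
 * unlike expand_string("${local_part:%s}") applied to attacker input.
 * Returns 0 on success, -1 if there is no usable '@' or a buffer is too small. */
int split_address(const char *addr, char *local, size_t llen,
                  char *domain, size_t dlen)
{
    const char *at = strrchr(addr, '@');
    if (at == NULL || at == addr || at[1] == '\0') return -1;
    size_t ll = (size_t)(at - addr), dl = strlen(at + 1);
    if (ll >= llen || dl >= dlen) return -1;
    memcpy(local, addr, ll);    local[ll] = '\0';
    memcpy(domain, at + 1, dl); domain[dl] = '\0';
    return 0;
}

/* Check helper: 1 if addr splits exactly into want_local / want_domain. */
int split_matches(const char *addr, const char *want_local, const char *want_domain)
{
    char local[256], domain[256];
    if (split_address(addr, local, sizeof local, domain, sizeof domain) != 0) return 0;
    return strcmp(local, want_local) == 0 && strcmp(domain, want_domain) == 0;
}

/* Constructed sample log lines (hypothetical format, not real Exim output). */
static const char *const sample_log[] = {
    "2019-06-05 10:00:01 SMTP command from [192.0.2.10]: RCPT TO:<alice@example.org>",
    "2019-06-05 10:00:02 SMTP command from [192.0.2.10]: RCPT TO:<bob+${run{x}}@example.org>",
    "2019-06-05 10:00:03 SMTP command from [192.0.2.11]: MAIL FROM:<carol@example.net>",
};

/* Count RCPT TO commands in the sample log whose address carries "${". */
int count_suspicious_rcpt(void)
{
    int hits = 0, n = sizeof sample_log / sizeof sample_log[0];
    for (int i = 0; i < n; i++) {
        const char *p = strstr(sample_log[i], "RCPT TO:");
        if (p != NULL && address_has_expansion(p)) hits++;
    }
    return hits;
}

int main(void)
{
    printf("suspicious RCPT TO lines: %d\n", count_suspicious_rcpt());
    return 0;
}
```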

It is noteworthy that the vulnerability was fixed in release 4.92, published in February, without any mention that the change had security implications. There is no reason to believe the Exim developers deliberately concealed the vulnerability: the problem was fixed in passing while repairing a failure that occurred when invalid addresses were passed, and the vulnerability itself was identified by Qualys during an audit of changes in Exim.

Fixes for the earlier versions still shipped by distributions are available only as a patch. Corrective releases of the older branches that fix the problem are scheduled for June 11. Package updates are ready for Debian, Ubuntu, and openSUSE. Arch Linux and Fedora ship version 4.92, where the problem does not occur. The problem does not affect RHEL and CentOS, since Exim is not included in their regular package repository.

Source: opennet.ru
