[exim-dev] [Bug 2506] taint issue in Sieve filter

Top Page
Delete this message
Reply to this message
Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2506] taint issue in Sieve filter
https://bugs.exim.org/show_bug.cgi?id=2506

Jeremy Harris <jgh146exb@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |INVALID


--- Comment #2 from Jeremy Harris <jgh146exb@???> ---
This turns out to be due to specifying the file option for a redirect router
using tainted data ($local_part). Fixed by using check_local_user and $home
instead.

The detection could be better, earlier in processing and indicating the mistake
-
but this complaint of tainted data use is not a bug. Closing on that basis.

--
You are receiving this mail because:
You are on the CC list for the bug.