Autor: Michael Haardt Datum: To: Evgeniy Berdnikov via Exim-users Betreff: Re: [exim] 4.94 - De-tainting without lookup?
Evgeniy Berdnikov via Exim-users <exim-users@???> wrote:
> On Mon, Jun 29, 2020 at 09:12:23AM +0200, Michael Haardt via Exim-users wrote:
> > Partially dsearch does that by not allowing "." and ".." as keys.
>
> It's pity, but it does... See thread
> https://lists.exim.org/lurker/thread/20200625.134349.ed703108.en.html
Oops. I missed that this was not considered to be a bug.
> I insist that dsearch MUST NOT return "." or ".." because those items
> are special for majority of file systems, so they can not be used
> to store data and are dangerous (!) to construct file path.
> It seems better to exclude those items from scan list.