Re: [exim] 4.94 - De-tainting without lookup?

Author: Michael Haardt
Date:  
To: Evgeniy Berdnikov via Exim-users
Subject: Re: [exim] 4.94 - De-tainting without lookup?
Evgeniy Berdnikov via Exim-users <exim-users@???> wrote:

> On Mon, Jun 29, 2020 at 09:12:23AM +0200, Michael Haardt via Exim-users wrote:
> > Partially dsearch does that by not allowing "." and ".." as keys.
>
> It's a pity, but it does... See thread
> https://lists.exim.org/lurker/thread/20200625.134349.ed703108.en.html


Oops. I missed that this was not considered to be a bug.

> I insist that dsearch MUST NOT return "." or ".." because those items
> are special for the majority of file systems, so they cannot be used
> to store data and are dangerous (!) for constructing a file path.
> It seems better to exclude those items from scan list.


Agreed.

Michael
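
The behaviour asked for in this thread, sketched as an added example (not part of the original message and not Exim's source): a dsearch-style lookup that drops "." and ".." from the scan list and returns the name as read from the directory rather than the caller's key. The names `dir_lookup` and `make_fixture` and the scratch directory under /tmp are assumptions made for the illustration.

```c
/* Added illustration, not Exim source: a dsearch-style directory lookup. */
#include <dirent.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Find key as an entry name in dir. On a match, copy the name as read from
   the directory (not the caller's string) into out and return 0. Returns -1
   on no match, for "." and "..", and for any key containing '/'. */
int dir_lookup(const char *dir, const char *key, char *out, size_t outlen)
{
    struct dirent *e;
    int rc = -1;
    DIR *d;

    if (key[0] == '\0' || strchr(key, '/') != NULL)
        return -1;
    if ((d = opendir(dir)) == NULL)
        return -1;
    while ((e = readdir(d)) != NULL) {
        /* Drop the special entries from the scan list before comparing. */
        if (strcmp(e->d_name, ".") == 0 || strcmp(e->d_name, "..") == 0)
            continue;
        if (strcmp(e->d_name, key) == 0 && strlen(e->d_name) < outlen) {
            strcpy(out, e->d_name);
            rc = 0;
            break;
        }
    }
    closedir(d);
    return rc;
}

/* Constructed fixture: a scratch directory holding one file, "example.org". */
int make_fixture(char *dir, size_t dirlen)
{
    char path[512];
    FILE *f;

    snprintf(dir, dirlen, "/tmp/dsearch-demo-%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0 && errno != EEXIST)
        return -1;
    snprintf(path, sizeof path, "%s/example.org", dir);
    if ((f = fopen(path, "w")) == NULL)
        return -1;
    fclose(f);
    return 0;
}
```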