Re: [exim] tainted data issues

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MJeremy Harris at <-
M\Chris Siebenmann at ->
Delete this message
Reply to this message
Author: Michael Haardt
Date:  
To: Jeremy Harris via Exim-users
Subject: Re: [exim] tainted data issues
Jeremy Harris via Exim-users <exim-users@???> wrote:
> The one major hole I know of is for the creation of a
> mailbox file, first time, for an account.

After having reviewed a number of configurations, I am sure there is more.

While I am not pleased with the design of verifying tainted data, or
introducing it in such an invasive manner without a new major version,
the need of doing so absolutely exists. That said, the current design
is usable and it solves the problem. Using it may either convince us
of being the best solution, or show which specific alternative is better.

The ongoing configuration reviews certainly uncovered potential problems,
so rolling back is not an option without a replacement for the current
verification.

Michael

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] tainted data issuesRe: [exim] tainted data issues->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)