Re: [exim] tainted data issues

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Michael Haardt
日付:  
To: Jeremy Harris via Exim-users
題目: Re: [exim] tainted data issues
Jeremy Harris via Exim-users <exim-users@???> wrote:
> The one major hole I know of is for the creation of a
> mailbox file, first time, for an account.


After having reviewed a number of configurations, I am sure there is more.

While I am not pleased with the design of verifying tainted data, or
introducing it in such an invasive manner without a new major version,
the need of doing so absolutely exists. That said, the current design
is usable and it solves the problem. Using it may either convince us
of being the best solution, or show which specific alternative is better.

The ongoing configuration reviews certainly uncovered potential problems,
so rolling back is not an option without a replacement for the current
verification.

Michael