Re: [exim] tainted data issues

Góra strony
Delete this message
Reply to this message
Autor: Michael Haardt
Data:  
Dla: Jeremy Harris via Exim-users
Temat: Re: [exim] tainted data issues
Jeremy Harris via Exim-users <exim-users@???> wrote:
> The one major hole I know of is for the creation of a
> mailbox file, first time, for an account.


After having reviewed a number of configurations, I am sure there is more.

While I am not pleased with the design of verifying tainted data, or
introducing it in such an invasive manner without a new major version,
the need of doing so absolutely exists. That said, the current design
is usable and it solves the problem. Using it may either convince us
of being the best solution, or show which specific alternative is better.

The ongoing configuration reviews certainly uncovered potential problems,
so rolling back is not an option without a replacement for the current
verification.

Michael