[exim-cvs] More taint notes

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Exim Git Commits Mailing List
Ημερομηνία:  
Προς: exim-cvs
Αντικείμενο: [exim-cvs] More taint notes
Gitweb: https://git.exim.org/exim.git/commitdiff/46e872abb44a2589488ec47febaf376c89688c1c
Commit:     46e872abb44a2589488ec47febaf376c89688c1c
Parent:     039f131577938145fb859309a9822fdce90d7155
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Thu Nov 12 22:16:50 2020 +0000
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Thu Nov 12 22:16:50 2020 +0000


    More taint notes
---
 doc/doc-docbook/spec.xfpt | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)


diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 2dd6e44..d62ceaf 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -10147,7 +10147,7 @@ newline at the very end. For the &%header%& and &%bheader%& expansion, for
those headers that contain lists of addresses, a comma is also inserted at the
junctions between headers. This does not happen for the &%rheader%& expansion.

-.cindex "tainted data"
+.cindex "tainted data" "message headers"
When the headers are from an incoming message,
the result of expanding any of these variables is tainted.

@@ -14093,6 +14093,10 @@ taint mode of the Perl interpreter. You are encouraged to set this
option to a true value. To avoid breaking existing installations, it
defaults to false.

+.new
+&*Note*&: This is entirely separate from Exim's tainted-data tracking.
+.wen
+

.section "Calling Perl subroutines" "SECID86"
When the configuration file includes a &%perl_startup%& option you can make use