Re: [exim] "allow_insecure_tainted_data = yes" - was: tainte…

Inizio della pagina
Delete this message
Reply to this message
Autore: Andreas Metzler
Data:  
To: exim-users
Oggetto: Re: [exim] "allow_insecure_tainted_data = yes" - was: tainted data issues
On 2021-04-06 Heiko Schlittermann via Exim-users <exim-users@???> wrote:
[...]
>         .ifdef _OPT_MAIN_ALLOW_INSECURE_TAINTED_DATA
>         allow_insecure_tainted_data = yes
>         .endif

[...]
> But as soon as the work stabilizes, it will be merged into the upstream
> source. (For now, please expect changes in the commit history!)

[...]
> Suggestions, question, remarks are welcome.


Thank you Heiko!

I plan to add this to the next Debian release but without "taintwarn:
set allow_insecure_data = true for 4.94+fixes". - I think it will work
out better if we have a big fat warning

| Consider this a major exim release, almost all customized configurations
| will require changes ...


and a note on how to *temporary* work around this by setting
allow_insecure_tainted_data in advance.

If I do not do this I expect a neverending list of reports about either
spammed logfile or breakage reports on 4.95.

cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'