On Tue, 6 Apr 2021, Heiko Schlittermann via Exim-users wrote:
> "ALLOW_INSECURE_TAINTED_DATA", currently enabled. Using this build time
> option provides a new runtime option "allow_insecure_tainted_data", which
> turns taint errors into warnings (and spams your log file).
[...]
> Currently I'm running this on a production systems without any issues so
> far. You're invited to do tests in your systems too.
Trying this version, with allow_insecure_tainted_data set, then this:
testlist:
driver = redirect
data = :include:/some/where/${local_part}
fails with error:
LOG: MAIN PANIC DIE
Taint mismatch, Ustrncpy: parse_forward_list 1393
It looks like the :include: might be the issue.
Not a problem here as I've now detainted this, but thought to report back.
Cheers
Chris
