Re: [exim] "allow_insecure_tainted_data = yes" - was: tainte…

Góra strony
Delete this message
Reply to this message
Autor: Chris Edwards
Data:  
Dla: exim-users
Temat: Re: [exim] "allow_insecure_tainted_data = yes" - was: tainted data issues
On Tue, 6 Apr 2021, Heiko Schlittermann via Exim-users wrote:

> "ALLOW_INSECURE_TAINTED_DATA", currently enabled. Using this build time
> option provides a new runtime option "allow_insecure_tainted_data", which
> turns taint errors into warnings (and spams your log file).


[...]

> Currently I'm running this on a production systems without any issues so
> far. You're invited to do tests in your systems too.


Trying this version, with allow_insecure_tainted_data set, then this:

   testlist:
     driver = redirect
     data = :include:/some/where/${local_part}


fails with error:

LOG: MAIN PANIC DIE
Taint mismatch, Ustrncpy: parse_forward_list 1393

It looks like the :include: might be the issue.

Not a problem here as I've now detainted this, but thought to report back.

Cheers

Chris