Re: [exim] "allow_insecure_tainted_data = yes" - was: tainte…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Heiko Schlittermann
Datum:  
To: exim-users
Betreff: Re: [exim] "allow_insecure_tainted_data = yes" - was: tainted data issues
Chris Edwards via Exim-users <exim-users@???> (Sa 08 Mai 2021 13:15:45 CEST):
> On Tue, 6 Apr 2021, Heiko Schlittermann via Exim-users wrote:
>
> > Currently I'm running this on a production systems without any issues so
> > far. You're invited to do tests in your systems too.
>
> Trying this version, with allow_insecure_tainted_data set, then this:
>
>   testlist:
>     driver = redirect
>     data = :include:/some/where/${local_part}

>
> fails with error:
>
> LOG: MAIN PANIC DIE
> Taint mismatch, Ustrncpy: parse_forward_list 1393
>
> It looks like the :include: might be the issue.
>
> Not a problem here as I've now detainted this, but thought to report back.


Thanks, I'll try to reproduce it, and fix it.

--
Heiko