Re: [exim] [4.94.2] "tainted string" in paniclog in somewhat…

From: Jeremy Harris
Date:
To: exim-users
Subject: Re: [exim] [4.94.2] "tainted string" in paniclog in somewhat weird circumstance
On 07/07/2021 21:44, Jeremy Harris via Exim-users wrote:
> On 07/07/2021 16:17, Jeremy Harris via Exim-users wrote:
>> I'm failing to find in the code where that might happen,
>> unfortunately.
>
> Found it.  And, yes, that's a bug.
>
> Should be an easy fix.


Thinking on it, this is a poster-child for taint-tracking.

The bug was there at initial feature-introduction in 2004.
Nobody noticed, for seventeen years.
And it was potentially exploitable, until taint-tracking
was introduced.
--
Cheers,
Jeremy