Re: [exim] [4.94.2] "tainted string" in paniclog in somewhat…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MJeremy Harris at <-
M 
Delete this message
Reply to this message
Author: Michal Soltys
Date:  
To: Jeremy Harris, exim-users
Subject: Re: [exim] [4.94.2] "tainted string" in paniclog in somewhat weird circumstance
On 7/10/21 7:40 PM, Jeremy Harris via Exim-users wrote:
> On 07/07/2021 21:44, Jeremy Harris via Exim-users wrote:
>> On 07/07/2021 16:17, Jeremy Harris via Exim-users wrote:
>>> I'm failing to find in the code where that might happen,
>>> unfortunately.
>>
>> Found it.  And, yes, that's a bug.
>>
>> Should be an easy fix.
>
> Thinking on it, this is a poster-child for taint-tracking.
>
> The bug was there at initial feature-introduction in 2004.
> Nobody noticed, for seventeen years.
> And it was potentially exploitable, until taint-tracking
> was introduced.

All right, thanks for info !

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Strange problem with the communication to ClamAVRe: [exim] Strange problem with the communication to ClamAV->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)