Re: [exim] Taint checking and exim 4.96rc0

Top Page
This message is part of the following thread:
M--\the complete thread tree sorted by date
M-\MHeiko Schlittermann at <-
M\MMMichael Haardt at ->
Delete this message
Reply to this message
Author: Dean Brooks
Date:  
To: Andrew C Aitchison via Exim-users
Subject: Re: [exim] Taint checking and exim 4.96rc0
On Fri, Apr 29, 2022 at 05:16:45PM +0100, Andrew C Aitchison via Exim-users wrote:

> Given that taint checking appeared in Exim 4.93 and
> allow_insecure_tainted_data in Exim 4.95,
> this (Exim 4.96) would be the first time that allow_insecure_tainted_data
> would actually be helpful.
>
> Is it just me, or are others worried about the new taint checking
> having unexpected consequences and no way to disable it for debugging ?

I'd prefer the allow_insecure_tainted_data never be removed, now or in the future. At the least, as an experimental feature that requires intentional enabling during a source build. At the worst as a separate community maintained patch against the official source for each new release. Maintaining production mail systems that handle millions of messages a month is no trivial feat, and a single taint failure can turn (and has turned) a routine upgrade plan into a mess.

Thanks,
Dean

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Taint checking and exim 4.96rc0Re: [exim] Taint checking and exim 4.96rc0->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)