Re: [exim] Taint checking and exim 4.96rc0

Top Page
This message is part of the following thread:
M--\the complete thread tree sorted by date
M-\MDean Brooks at <-
M\MMKirill Miazine at ->
Delete this message
Reply to this message
Author: Michael Haardt
Date:  
To: Exim Mailing List
Subject: Re: [exim] Taint checking and exim 4.96rc0
Dean Brooks via Exim-users <exim-users@???> wrote:

> On Fri, Apr 29, 2022 at 05:16:45PM +0100, Andrew C Aitchison via Exim-users wrote:
>
> > Given that taint checking appeared in Exim 4.93 and
> > allow_insecure_tainted_data in Exim 4.95,
> > this (Exim 4.96) would be the first time that allow_insecure_tainted_data
> > would actually be helpful.
> >
> > Is it just me, or are others worried about the new taint checking
> > having unexpected consequences and no way to disable it for debugging ?
>
> I'd prefer the allow_insecure_tainted_data never be removed, now or in the future. At the least, as an experimental feature that requires intentional enabling during a source build. At the worst as a separate community maintained patch against the official source for each new release. Maintaining production mail systems that handle millions of messages a month is no trivial feat, and a single taint failure can turn (and has turned) a routine upgrade plan into a mess.

100% agreement. Having to include it as build option is reasonable.

Michael

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Taint checking and exim 4.96rc0Re: [exim] Taint checking and exim 4.96rc0->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)