Re: [exim] 4.96 and UUCP

Página superior
Este mensaje es parte del siguiente hilo:
MEl árbol completo de hilos, ordenados por fecha
MMarkus Reschke, mensaje del <-
MKirill Miazine, mensaje del ->
Eliminar este mensaje
Responder a este mensaje
Autor: Jeremy Harris
Fecha:  
A: exim-users
Asunto: Re: [exim] 4.96 and UUCP
On 28/06/2022 12:22, Markus Reschke via Exim-users wrote:
> IIRC, the 'recommended' way to solve issues with tainted variables is to perform a database lookup.

Actually, that is better phrased as "The requirement is to not use values provided
by potential attackers in sensitive situations" - and the common means of
not doing so is to obtain values from a trusted place, using (if needed) those
untrusted values as search keys.

Assuming there really is no way for you to use a pure SMTP environment
(i.e. dump UUCP), or somehow avoid using a pipe transport (I can't think
of a way offhand), any method here is going to be somewhat hacky. The
least-worst is probably to wrap your uux invocation in another program
(shell script, perl script, custom binary) which picks up the environment
variable $RECIPIENT.
--
Cheers,
Jeremy

Este mensaje se envió a las siguientes listas de correo:
Exim-users
Información de la lista de correo | Mensajes cercanos		<-Re: [exim] Exim 4.96 doesn't build on EL7/8/9, drtables.c:739:54: error: ‘NUL’ undeclaredRe: [exim] 4.96 and UUCP->
Tahini and Hummus and Cumin Development Archives administrado por cumin AdminsLurker (versión 2.3)