https://bugs.exim.org/show_bug.cgi?id=3065
Jeremy Harris <jgh146exb@???> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |INVALID
--- Comment #3 from Jeremy Harris <jgh146exb@???> ---
It's up to you in your config to obtain untainted data for use in various
situations.
Fundamentally this means using trusted data, stored on the system.
Using tainted values as index values for lookups in such local storage
is permitted and common. The lookup could be (eg.) in an SQL DB, for a file in
a
known directory, or in a list directly written in the config.
Using tainted data for a filename is one of those not-permissible things.
Try the Concept Index of the docs, under "detainting".
--
You are receiving this mail because:
You are on the CC list for the bug.
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-dev-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/