------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=1062 Phil Pennock <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #1 from Phil Pennock <[email protected]> 2011-01-13 05:09:44 --- I remain opposed to this change. The only proponent is using recursion in ACL invocation based upon URLs encountered in a message body. Changing the maximum recursion depth just moves the problem around, it doesn't fix anything. But because the incident rate drops, people stop paying attention to the actual problem: with a sufficiently broken configuration, which pushes stack frames, with the number of those stack frames based upon content under attacker control, stack overflows will happen. Increasing the count permitted by Exim just increases the odds of encountering an OS ulimit. Do not use recursion in ACLs based upon message body content. The proponent's asked for other ways to do this and another mechanism was pointed out at the time. He has neglected to change his set-up but instead wants us to encourage bad practice. Unless one of the other maintainers speaks up to support this change, I will close this bug WONTFIX. -- Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email -- ## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
