Andrew C Aitchison via Exim-users <[email protected]> (Fr 29 Apr 2022 18:16:45 CEST):
> To which Jeremy replied:
> > The trouble with that is that it means the coverage of tracking
> > tainted data use can never be extended.
> >
> > The commit for that removal is fairly extensive:
> - see https://lists.exim.org/lurker/message/20220427.174941.443df2eb.en.html
> for the 27 reverts and 35 files changed.
>
> Given that taint checking appeared in Exim 4.93 and
> allow_insecure_tainted_data in Exim 4.95,
> this (Exim 4.96) would be the first time that allow_insecure_tainted_data
> would actually be helpful.
>
> Is it just me, or are others worried about the new taint checking
> having unexpected consequences and no way to disable it for debugging ?

The "allow_insecure_tainted_data" was introduced to ease the migration
from 4.94 to 4.95, giving you/us a timeframe to upgrade existing
configurations to be taintproof.

Before upgrading to 4.96 you should have a taintproof (secure)
configuration. The deprecation of "allow_insecure_tainted_data" was
announced with the advent of this option already.

Which point did I miss? Do we have *new* taintchecks that break
configurations that were considered secure with 4.95?

Best regards from Dresden/Germany
Many greetings from Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
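
A pre-upgrade check for the situation discussed in this message, as an added example that is not part of the original post or of Exim itself: it reports whether the main section of a configuration still sets allow_insecure_tainted_data. The sample configuration is constructed, the function names are hypothetical, and macros, .include files and the hide prefix are assumed not to be in use.

```python
import re

OPTION = "allow_insecure_tainted_data"
# Boolean main options may be written as "name", "no_name"/"not_name",
# or "name = true|yes|false|no".
_SETTING = re.compile(r"^(no_|not_)?" + OPTION + r"\s*(?:=\s*(\S+))?\s*$")

def logical_lines(text):
    """Yield (first_line_no, line): comment lines dropped, backslash continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#") or (not line and not buf):
            continue
        if start is None:
            start = no
        if line.endswith("\\"):
            buf += line[:-1]          # join with the next physical line
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf

def find_taint_override(config_text):
    """Return (line_no, enabled) for the option in the main section, or None if unset."""
    for no, line in logical_lines(config_text):
        if re.match(r"begin\s+\w+", line):   # main section ends at the first "begin"
            return None
        m = _SETTING.match(line)
        if m:
            negated, value = m.group(1), m.group(2)
            enabled = (value.lower() in ("true", "yes")) if value else not negated
            return no, enabled
    return None

# Constructed sample, not a real configuration.
SAMPLE = """\
# main section
primary_hostname = mail.example.org
# allow_insecure_tainted_data = no
allow_insecure_tainted_data
log_selector = +smtp_protocol_error \\
    +tls_peerdn
begin acl
"""

if __name__ == "__main__":
    hit = find_taint_override(SAMPLE)
    print("taint override:", hit if hit else "not set")
```

A result with enabled set to True means the configuration still depends on tainted-data errors being downgraded and is not yet taintproof in the sense used above.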
