Re: [exim] "allow_insecure_tainted_data = yes" - was: tainted data issues

2021-05-08 Thread Heiko Schlittermann via Exim-users
Chris Edwards via Exim-users (Sat 08 May 2021 13:15:45 CEST):
> On Tue, 6 Apr 2021, Heiko Schlittermann via Exim-users wrote:
> 
> > Currently I'm running this on a production system without any issues so
> > far. You're invited to do tests in your systems too.
> 
> Trying this version, with allow_insecure_tainted_data set, then this:
> 
>   testlist:
>     driver = redirect
>     data = :include:/some/where/${local_part}
> 
> fails with error:
> 
>  LOG: MAIN PANIC DIE
>   Taint mismatch, Ustrncpy: parse_forward_list 1393
> 
> It looks like the :include: might be the issue.
> 
> Not a problem here as I've now detainted this, but thought to report back.

Thanks, I'll try to reproduce it, and fix it.

-- 
Heiko


-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


Re: [exim] "allow_insecure_tainted_data = yes" - was: tainted data issues

2021-05-08 Thread Chris Edwards via Exim-users

On Tue, 6 Apr 2021, Heiko Schlittermann via Exim-users wrote:

> "ALLOW_INSECURE_TAINTED_DATA", currently enabled. Using this build time
> option provides a new runtime option "allow_insecure_tainted_data", which
> turns taint errors into warnings (and spams your log file).

[...]

> Currently I'm running this on a production system without any issues so
> far. You're invited to do tests in your systems too.


Trying this version, with allow_insecure_tainted_data set, then this:

  testlist:
    driver = redirect
    data = :include:/some/where/${local_part}

fails with error:

 LOG: MAIN PANIC DIE
  Taint mismatch, Ustrncpy: parse_forward_list 1393

It looks like the :include: might be the issue.

Not a problem here as I've now detainted this, but thought to report back.

Cheers

Chris

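The thread does not say how the router was detainted. The following is an added example, not taken from either post, of one common way to do it: validate the local part with a `dsearch` lookup against the include directory and build the path from `$local_part_data`. It assumes Exim 4.94 or later and reuses the placeholder directory `/some/where` from the report.

```exim
# Added example, not from the thread. Router fragment for the routers
# section of the Exim configuration.

# As reported (kept commented out): $local_part comes from the SMTP
# envelope and is tainted, so expanding it into a file name is refused,
# or with allow_insecure_tainted_data only logged as a warning.
#
# testlist:
#   driver = redirect
#   data = :include:/some/where/${local_part}

# De-tainted form. The dsearch lookup succeeds only if a file named
# exactly like the local part exists in /some/where. On a match,
# $local_part_data holds the name as read from the directory listing,
# which is untainted, so it may be used to build the :include: path.
testlist:
  driver = redirect
  local_parts = dsearch;/some/where
  data = :include:/some/where/$local_part_data
```

With this form the router no longer depends on `allow_insecure_tainted_data`, and it declines for any local part that has no matching file instead of attempting to open an attacker-chosen path.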