Can we revisit whether it makes sense to add these?
The forbid_run patch is absolutely trivial.
The perl lockdown one, as I originally mentioned, probably needs to
be behind a config option.
From my previous email:
Hi,
I wanted to share some simple patches I've written for Exim that make
On 25/07/2019 17:16, Ryan Castellucci via Exim-dev wrote:
> I welcome any feedback on these proposed changes.
Without denying the possible value of such restrictions,
a more general protection against this class of exploits
has been developed, and hit the git repo yesterday:
f3ebb786e Track
Hi,
I wanted to share some simple patches I've written for Exim that make
exploitation of string expansion more difficult.
The first one adds a config option to globally disable "${run {...}}":
https://gist.github.com/ryancdotorg/2643c2662a7e0f7554ecec295fb23c0c
This hooks up a global