Chris Edwards via Exim-users (Sat 08 May 2021 13:15:45 CEST):
> On Tue, 6 Apr 2021, Heiko Schlittermann via Exim-users wrote:
>
> > Currently I'm running this on production systems without any issues so
> > far. You're invited to do tests on your systems too.
>
> Trying this version, with allo
On Tue, 6 Apr 2021, Heiko Schlittermann via Exim-users wrote:
"ALLOW_INSECURE_TAINTED_DATA", currently enabled. Using this build time
option provides a new runtime option "allow_insecure_tainted_data", which
turns taint errors into warnings (and spams your log file).
[...]
Currently I'm runn
Thank you for spending your time :)
Andreas Metzler via Exim-users (Sun 25 Apr 2021 08:12:58 CEST):
> void
> -openlogs();
> +open_logs(const char *m);
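Review bot: the added `+open_logs(const char *m);` line differs from the removed `-openlogs();` in both name and parameter list, so the definition and every call site have to change in step with this declaration. If the parameter is dropped again, declare the function as `open_logs(void)` rather than with empty parentheses: before C23 an empty parameter list in a C declaration is not a prototype, so the compiler does not check the arguments of calls against it.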
> is the proper fix?
It is one possible fix. But the char* isn't used anymore (was there for
debugging). I updated the branch.
> log.c: In func
On 2021-04-25 Andreas Metzler wrote:
> On 2021-04-24 Heiko Schlittermann wrote:
> > I believe the issue is fixed now. I'd be happy if you **or anybody
> > else** can give it a try. To avoid cluttering the official Exim repo,
> > this branch is still only in my private but public repositories:
>
On 2021-04-24 Heiko Schlittermann wrote:
> I believe the issue is fixed now. I'd be happy if you **or anybody
> else** can give it a try. To avoid cluttering the official Exim repo,
> this branch is still only in my private but public repositories:
[...]
Good morning Heiko,
thank you. Will upl
Hi Andreas,
I believe the issue is fixed now. I'd be happy if you **or anybody
else** can give it a try. To avoid cluttering the official Exim repo,
this branch is still only in my private but public repositories:
https://git.exim.org/users/heiko/exim.git/shortlog/refs/heads/exim-4.94+
Hi Andreas,
the problem isn't caused by the new allow_insecure_tainted_data, but
these warnings trigger the issue.
We're in the process of fixing it.
--
Heiko
Heiko Schlittermann via Exim-users (Sun 11 Apr 2021 09:08:10 CEST):
> Hi Andreas,
>
> which commit ID is your build based on? I'd like to reproduce it
> locally.
I can reproduce it using a minimal config, going to check it now.
(The version I'm running on production systems doesn't do local
deli
Hi Andreas,
which commit ID is your build based on? I'd like to reproduce it
locally.
Andreas Metzler via Exim-users (Sun 11 Apr 2021 08:51:48 CEST):
> On 2021-04-06 Heiko Schlittermann via Exim-users wrote:
> [...]
> > .ifdef _OPT_MAIN_ALLOW_INSECURE_TAINTED_DATA
> > allow_inse
On 2021-04-06 Heiko Schlittermann via Exim-users wrote:
[...]
> .ifdef _OPT_MAIN_ALLOW_INSECURE_TAINTED_DATA
> allow_insecure_tainted_data = yes
> .endif
Hello,
I just did a test build on the fixes branch, added the
allow_insecure_tainted_data setting and changed the mail
Andreas Metzler via Exim-users (Sat 10 Apr 2021 18:06:05 CEST):
> On 2021-04-06 Heiko Schlittermann via Exim-users wrote:
> [...]
> > .ifdef _OPT_MAIN_ALLOW_INSECURE_TAINTED_DATA
> > allow_insecure_tainted_data = yes
> > .endif
> [...]
> > Suggestions, questions, remarks ar
Andreas Metzler via Exim-users (Sat 10 Apr 2021 17:37:56 CEST):
> On 2021-04-06 Heiko Schlittermann via Exim-users wrote:
> [...]
> > .ifdef _OPT_MAIN_ALLOW_INSECURE_TAINTED_DATA
> > allow_insecure_tainted_data = yes
> > .endif
> [...]
> > But as soon as the work stabilize
On 2021-04-06 Heiko Schlittermann via Exim-users wrote:
[...]
> .ifdef _OPT_MAIN_ALLOW_INSECURE_TAINTED_DATA
> allow_insecure_tainted_data = yes
> .endif
[...]
> Suggestions, questions, remarks are welcome.
Nitpicks:
* The changes to doc/NewStuff should not be on +fixes.
*
On 2021-04-06 Heiko Schlittermann via Exim-users wrote:
[...]
> .ifdef _OPT_MAIN_ALLOW_INSECURE_TAINTED_DATA
> allow_insecure_tainted_data = yes
> .endif
[...]
> But as soon as the work stabilizes, it will be merged into the upstream
> source. (For now, please expect change
Hi,
finally a follow-up.
> In one word "upvote".
>
> I am all for improved security but a single "step change" that breaks
> existing configurations is IMHO going too far.
>
> taint_mode = off | warn | enforce
.ifdef _OPT_MAIN_ALLOW_INSECURE_TAINTED_DATA
allow_insecure_tain