* [gentoo-dev] [News item review] Exim >=4.94 transports: tainted not permitted
@ 2021-05-02 9:56 99% Fabian Groffen
0 siblings, 0 replies; 1+ results
From: Fabian Groffen @ 2021-05-02 9:56 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 1070 bytes --]
Title: Exim >=4.94 disallows tainted variables in transport configurations
Author: Fabian Groffen <grobian@gentoo.org>
Posted: 2021-05-??
Revision: 1
News-Item-Format: 2.0
Display-If-Installed: mail-mta/exim
Since the release of Exim-4.94, transports refuse to use tainted data in
constructing a delivery location. If you use this in your transports,
your configuration will break, causing errors and possible downtime.
Particularly, the use of $local_part in any transport, should likely be
updated with $local_part_data. Check your local_delivery transport,
which historically used $local_part.
Unfortunately there is not much documentation on "tainted" data for
Exim[1], and to resolve this, non-official sources need to be used, such
as [2] and [3].
[1] https://lists.exim.org/lurker/message/20201109.222746.24ea3904.en.html
[2] https://mox.sh/sysadmin/tainted-filename-errors-in-exim-4.94/
[3] https://jimbobmcgee.wordpress.com/2020/07/29/de-tainting-exim-configuration-variables/
--
Fabian Groffen
Gentoo on a different level
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [relevance 99%]
Results 1-1 of 1 | reverse | options above
-- pct% links below jump to the message on this page, permalinks otherwise --
2021-05-02 9:56 99% [gentoo-dev] [News item review] Exim >=4.94 transports: tainted not permitted Fabian Groffen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox