public inbox for gentoo-dev@lists.gentoo.org
 help / color / mirror / Atom feed
Search results ordered by [date|relevance]  view[summary|nested|Atom feed]
thread overview below | download: 
* [gentoo-dev] [News item review] Exim >=4.94 transports: tainted not permitted
@ 2021-05-02  9:56 99% Fabian Groffen
  0 siblings, 0 replies; 1+ results
From: Fabian Groffen @ 2021-05-02  9:56 UTC (permalink / raw
  To: gentoo-dev

[-- Attachment #1: Type: text/plain, Size: 1070 bytes --]

Title: Exim >=4.94 disallows tainted variables in transport configurations
Author: Fabian Groffen <grobian@gentoo.org>
Posted: 2021-05-??
Revision: 1
News-Item-Format: 2.0
Display-If-Installed: mail-mta/exim

Since the release of Exim-4.94, transports refuse to use tainted data in
constructing a delivery location.  If you use this in your transports,
your configuration will break, causing errors and possible downtime.

Particularly, the use of $local_part in any transport, should likely be
updated with $local_part_data.  Check your local_delivery transport,
which historically used $local_part.

Unfortunately there is not much documentation on "tainted" data for
Exim[1], and to resolve this, non-official sources need to be used, such
as [2] and [3].



[1] https://lists.exim.org/lurker/message/20201109.222746.24ea3904.en.html
[2] https://mox.sh/sysadmin/tainted-filename-errors-in-exim-4.94/
[3] https://jimbobmcgee.wordpress.com/2020/07/29/de-tainting-exim-configuration-variables/

-- 
Fabian Groffen
Gentoo on a different level

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

^ permalink raw reply	[relevance 99%]

Results 1-1 of 1 | reverse | options above
-- pct% links below jump to the message on this page, permalinks otherwise --
2021-05-02  9:56 99% [gentoo-dev] [News item review] Exim >=4.94 transports: tainted not permitted Fabian Groffen

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox