On Sunday, 2 May 2021, 11:56:34 CEST, Fabian Groffen wrote:
> Title: Exim >=4.94 disallows tainted variables in transport configurations
> Author: Fabian Groffen <grobian@g.o>
> Posted: 2021-05-??
> Revision: 1
> News-Item-Format: 2.0
> Display-If-Installed: mail-mta/exim
>
> Since the release of Exim-4.94, transports refuse to use tainted
> data in constructing a delivery location. If you use this in your
> transports, your configuration will break, causing errors and
> possible downtime.
>
> Particularly, the use of $local_part in any transport should likely
> be updated with $local_part_data. Check your local_delivery
> transport, which historically used $local_part.
>
> Unfortunately there is not much documentation on "tainted" data for
> Exim[1], and to resolve this, non-official sources need to be used,
> such as [2] and [3].

This is a safety mechanism that is part of Perl (essentially a way of
tracking data that is derived from "insecure" sources).

So it probably would make sense to at least point towards that concept
in Perl.

https://perldoc.perl.org/perlsec

--
Andreas K. Hüttel
dilfridge@g.o
Gentoo Linux developer
(council, toolchain, base-system, perl, libreoffice)
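
The check the quoted news item asks for ("Check your local_delivery transport") can be scripted. The following is an added example, not part of the original thread or of Exim: it scans the transports section of an Exim configuration for options that still expand $local_part. The function name and the sample configuration are constructed for illustration, and each hit still needs manual review.

```python
import re

# Constructed sample configuration (not from the original thread).
SAMPLE_CONFIG = r"""
begin transports
# file = /var/mail/$local_part   (commented out, ignored)
local_delivery:
  driver = appendfile
  file = /var/mail/$local_part

maildir_home:
  driver = appendfile
  directory = /home/${local_part}/\
              Maildir

fixed_delivery:
  driver = appendfile
  file = /var/mail/$local_part_data

begin retry
*  *  F,2h,15m
"""

# Matches $local_part and ${local_part...}, but not $local_part_data and similar.
TAINTED = re.compile(r"\$\{?local_part(?![A-Za-z0-9_])")

def find_tainted_transport_options(config_text):
    """Return (line_no, transport, option) for transport options using $local_part."""
    findings, section, transport, pending, start = [], None, None, "", 0
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not pending and (not line or line.startswith("#")):
            continue                      # skip blank lines and comments
        if not pending:
            start = no                    # first physical line of this option
        if line.endswith("\\"):           # backslash continues onto the next line
            pending += line[:-1]
            continue
        logical, pending = pending + line, ""
        m = re.match(r"begin\s+(\w+)", logical)
        if m:
            section, transport = m.group(1), None
        elif section == "transports":
            if re.fullmatch(r"\w+:", logical):
                transport = logical[:-1]  # start of a new transport definition
            elif TAINTED.search(logical):
                findings.append((start, transport, logical))
    return findings
```

On the sample it reports the `file` option of `local_delivery` and the continued `directory` option of `maildir_home`, and leaves the transport that already uses $local_part_data alone.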