Gentoo Archives: gentoo-dev

From: Fabian Groffen <grobian@g.o>
To: gentoo-dev@l.g.o
Subject: [gentoo-dev] [News item review] Exim >=4.94 transports: tainted not permitted
Date: Sun, 02 May 2021 09:56:46
Message-Id: YI53UognwjnWa6g1@gentoo.org
1 Title: Exim >=4.94 disallows tainted variables in transport configurations
2 Author: Fabian Groffen <grobian@g.o>
3 Posted: 2021-05-??
4 Revision: 1
5 News-Item-Format: 2.0
6 Display-If-Installed: mail-mta/exim
7
8 Since the release of Exim-4.94, transports refuse to use tainted data in
9 constructing a delivery location. If you use this in your transports,
10 your configuration will break, causing errors and possible downtime.
11
12 Particularly, the use of $local_part in any transport, should likely be
13 updated with $local_part_data. Check your local_delivery transport,
14 which historically used $local_part.
15
16 Unfortunately there is not much documentation on "tainted" data for
17 Exim[1], and to resolve this, non-official sources need to be used, such
18 as [2] and [3].
19
20
21
22 [1] https://lists.exim.org/lurker/message/20201109.222746.24ea3904.en.html
23 [2] https://mox.sh/sysadmin/tainted-filename-errors-in-exim-4.94/
24 [3] https://jimbobmcgee.wordpress.com/2020/07/29/de-tainting-exim-configuration-variables/
25
26 --
27 Fabian Groffen
28 Gentoo on a different level

Attachments

File name MIME type
signature.asc application/pgp-signature

Replies