From: | Fabian Groffen <grobian@g.o> |
---|---|
To: | gentoo-dev@l.g.o |
Subject: | [gentoo-dev] [News item review] Exim >=4.94 transports: tainted not permitted |
Date: | Sun, 02 May 2021 09:56:46 |
Message-Id: | YI53UognwjnWa6g1@gentoo.org |
1 | Title: Exim >=4.94 disallows tainted variables in transport configurations |
2 | Author: Fabian Groffen <grobian@g.o> |
3 | Posted: 2021-05-?? |
4 | Revision: 1 |
5 | News-Item-Format: 2.0 |
6 | Display-If-Installed: mail-mta/exim |
7 | |
8 | Since the release of Exim-4.94, transports refuse to use tainted data in |
9 | constructing a delivery location. If you use this in your transports, |
10 | your configuration will break, causing errors and possible downtime. |
11 | |
12 | Particularly, the use of $local_part in any transport, should likely be |
13 | updated with $local_part_data. Check your local_delivery transport, |
14 | which historically used $local_part. |
15 | |
16 | Unfortunately there is not much documentation on "tainted" data for |
17 | Exim[1], and to resolve this, non-official sources need to be used, such |
18 | as [2] and [3]. |
19 | |
20 | |
21 | |
22 | [1] https://lists.exim.org/lurker/message/20201109.222746.24ea3904.en.html |
23 | [2] https://mox.sh/sysadmin/tainted-filename-errors-in-exim-4.94/ |
24 | [3] https://jimbobmcgee.wordpress.com/2020/07/29/de-tainting-exim-configuration-variables/ |
25 | |
26 | -- |
27 | Fabian Groffen |
28 | Gentoo on a different level |
File name | MIME type |
---|---|
signature.asc | application/pgp-signature |
Subject | Author |
---|---|
Re: [gentoo-dev] [News item review] Exim >=4.94 transports: tainted not permitted | Ulrich Mueller <ulm@g.o> |
Re: [gentoo-dev] [News item review] Exim >=4.94 transports: tainted not permitted | "Andreas K. Huettel" <dilfridge@g.o> |