Archives
Archives
| From: | Fabian Groffen <grobian@g.o> |
|---|---|
| To: | gentoo-dev@l.g.o |
| Subject: | [gentoo-dev] [News item review v2] Exim >=4.94 transports: tainted not permitted |
| Date: | Sun, 02 May 2021 10:50:14 |
| Message-Id: | YI6D2tPxxMEALCCJ@gentoo.org |
| 1 | Title: Exim>=4.94 transports: tainted not permitted |
| 2 | Author: Fabian Groffen <grobian@g.o> |
| 3 | Posted: 2021-05-?? |
| 4 | Revision: 1 |
| 5 | News-Item-Format: 2.0 |
| 6 | Display-If-Installed: mail-mta/exim |
| 7 | |
| 8 | The Message Transfer Agent Exim disallows tainted variables in transport |
| 9 | configurations since version 4.94. Existing exim.conf configurations |
| 10 | in /etc/exim need to be reviewed for breakage prior to upgrading to |
| 11 | >=mail-mta/exim-4.94 to avoid error conditions at runtime. |
| 12 | |
| 13 | Since the release of Exim-4.94, transports refuse to use tainted data in |
| 14 | constructing a delivery location. If you use this in your transports, |
| 15 | your configuration will break, causing errors and possible downtime. |
| 16 | |
| 17 | Particularly, the use of $local_part in any transport, should likely be |
| 18 | updated with $local_part_data. Check your local_delivery transport, |
| 19 | which historically used $local_part. |
| 20 | |
| 21 | Unfortunately there is not much documentation on "tainted" data for |
| 22 | Exim[1], and to resolve this, non-official sources need to be used, such |
| 23 | as [2] and [3]. |
| 24 | |
| 25 | |
| 26 | |
| 27 | [1] https://lists.exim.org/lurker/message/20201109.222746.24ea3904.en.html |
| 28 | [2] https://mox.sh/sysadmin/tainted-filename-errors-in-exim-4.94/ |
| 29 | [3] https://jimbobmcgee.wordpress.com/2020/07/29/de-tainting-exim-configuration-variables/ |
| 30 | |
| 31 | -- |
| 32 | Fabian Groffen |
| 33 | Gentoo on a different level |
| File name | MIME type |
|---|---|
| signature.asc | application/pgp-signature |