On Tue, 6 Apr 2021, Heiko Schlittermann via Exim-users wrote:
"ALLOW_INSECURE_TAINTED_DATA", currently enabled. Using this build time
option provides a new runtime option "allow_insecure_tainted_data", which
turns taint errors into warnings (and spams your log file).
[...]
Currently I'm running this on a production systems without any issues so
far. You're invited to do tests in your systems too.
Trying this version, with allow_insecure_tainted_data set, then this:
testlist:
driver = redirect
data = :include:/some/where/${local_part}
fails with error:
LOG: MAIN PANIC DIE
Taint mismatch, Ustrncpy: parse_forward_list 1393
It looks like the :include: might be the issue.
Not a problem here as I've now detainted this, but thought to report back.
Cheers
Chris
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
