Hello,
I'm in the process of upgrading to new exim versions and thought I was
fully prepared for the new concept of tainted variables. But this has
left me rather confused:
$: exim --version
Exim version 4.94.2 #2 built 13-Jul-2021 16:04:57
(Debian Package: 4.94.2-7)
Warning: ACL "warn" statement skipped: condition test deferred: Tainted
MySQL server 'localhost/greylist/greylist/xyz'
I am using a MySQL DB for greylisting. The config variables are defined
like this:
"GREYLIST_DBSERVER = localhost/greylist/greylist/xyz"
This is then referred later:
warn set acl_m8 = ${lookup mysql{servers=GREYLIST_DBSERVER;\
GREYLIST_SUBNET}{$value}{result=unknown}}
Why would a local variable which is never set by any external input be
tainted?
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
I'm in the process of upgrading to new exim versions and thought I was
fully prepared for the new concept of tainted variables. But this has
left me rather confused:
$: exim --version
Exim version 4.94.2 #2 built 13-Jul-2021 16:04:57
(Debian Package: 4.94.2-7)
Warning: ACL "warn" statement skipped: condition test deferred: Tainted
MySQL server 'localhost/greylist/greylist/xyz'
I am using a MySQL DB for greylisting. The config variables are defined
like this:
"GREYLIST_DBSERVER = localhost/greylist/greylist/xyz"
This is then referred later:
warn set acl_m8 = ${lookup mysql{servers=GREYLIST_DBSERVER;\
GREYLIST_SUBNET}{$value}{result=unknown}}
Why would a local variable which is never set by any external input be
tainted?
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/