Hi Andreas, which commit ID your build is based on? I'd like to reproduce it locally.
Andreas Metzler via Exim-users <exim-users@exim.org> (So 11 Apr 2021 08:51:48 CEST): > On 2021-04-06 Heiko Schlittermann via Exim-users <exim-users@exim.org> wrote: > [...] > > .ifdef _OPT_MAIN_ALLOW_INSECURE_TAINTED_DATA > > allow_insecure_tainted_data = yes > > .endif > > Hello, > > I just did a test build on the fixes branch, added the > allow_insecure_tainted_data setting and changed the mail_spool > transport: > - file = /var/mail/$local_part_data > + file = /var/mail/$local_part > > Success was limited though. Without the patch the message delivery is > deferred. With the patch the message is frozen for > "allow_insecure_tainted_data = yes" (log file excerpt below). > > ==> /var/log/exim4/mainlog <== > 2021-04-11 08:26:08 1lVTXs-000F7W-0D <= ametz...@bebt.de H=localhost > (argenau.bebt.de) [::1] P=esmtp S=476 id=20210411082607.058...@argenau.bebt.de > 2021-04-11 08:26:08 1lVTXs-000F7W-0D failed to read delivery status for > ametzler@localhost from delivery subprocess > > Debug log: … > 08:26:08 58130 ╰──(tainted) > 08:26:08 58130 LOG: MAIN > 08:26:08 58130 Warning: Tainted '/var/mail/ametzler' (file or directory > name for mail_spool transport) not permitted > 2021-04-11 08:26:08 1lVTXs-000F7W-0D Warning: Tainted '/var/mail/ametzler' > (file or directory name for mail_spool transport) not permitted … > 08:26:08 58130 lock name: /var/mail/ametzler.lock > 08:26:08 58130 hitch name: > /var/mail/ametzler.lock.argenau.bebt.de.60729680.0000e312 > 08:26:08 58130 LOG: MAIN > 08:26:08 58130 Warning: Tainted filename > '/var/mail/ametzler.lock.argenau.bebt.de.60729680.0000e312' > 08:26:08 58128 LOG: MAIN PANIC > 08:26:08 58128 failed to read delivery status for ametzler@localhost from > delivery subprocess Is there any indication that the child (delivery process) crashed? > BTW the build-log with patch is very noisy: > ------------------- > cc -c -g -O2 -ffile-prefix-map=/dev/shm/EXIM4/exim-4.94=. > -fstack-protector-strong -Wformat -Werror=format-security > -D_LARGEFILE_SOURCE -fno-strict-aliasing -Wall -Wdate-time > -D_FORTIFY_SOURCE=2 -fvisibility=hidden -DCOMPILE_UTILITY -o util-spool_in.o > spool_in.c > In file included from exim.h:486, I'll check that noise. Thx. -- Heiko
signature.asc
Description: PGP signature
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/