Resolve "Amavis::Util: can't obtain a tainted string at /usr/sbin/amavisd line 2935."
Closes #85 (closed)
Prior to v2.12.2 amavis did the following in given order:
- use
$ENV{HOME}
and$ENV{PATH}
as external sources for tainted data. - undefine
$ENV{PATH}
- read config files
- define
$ENV{PATH}
by$path
confvar.
v2.12.2 introduces a config readability check via !75 (merged). The workflow changed to:
- use
$ENV{HOME}
and$ENV{PATH}
as external sources of tainted data. - undefine
$ENV{PATH}
- read config files
- define several
TEST_AMAVIS_CONFIG*
environment variables. - execute itself with dropped privileges:
- use
$ENV{HOME}
and$ENV{PATH}
as external sources for tainted data. - ...
- try to read config files
- exit with exit-code depending on success of previous step
- use
- define
$ENV{PATH}
by$path
confvar.
In the first step of executing itself, $ENV{PATH}
is undefined, unless it has been defined by user config, and $ENV{HOME}
may be undefined on operating systems which leave the task of dropping privileges for amavis.
This MR simply adds $ENV{TEST_AMAVIS_CONFIG}
as an additional source of tained data.
Edited by dlucredativ