Wonderful how #Exim team fully recognizes that the use_shell option is a massive security footgun. So they warn users. In a separate document, not linked from the optionâs documentation. Never mind not explaining which characters are ok, so users are bound to get it wrong.
Follow
Protip: if you need more than a paragraph of text to describe how a feature is used securely, then maybe you shouldnât have that feature in the first place. If you need more than a sentence, there should probably be a huge âDo not use unless you know what you are doing!â warning.
