24 messages in net.sourceforge.lists.courier-usersRe: [courier-users] MTA Comparison
FromSent OnAttachments
Darren SpruellJan 15, 2002 6:46 am 
Kirill MiazineJan 15, 2002 7:30 am 
Nico WielandJan 15, 2002 7:51 am 
Darren SpruellJan 15, 2002 8:01 am 
YaremaJan 15, 2002 8:01 am 
Kirill MiazineJan 15, 2002 8:26 am 
Valdas AndrulisJan 15, 2002 8:53 am 
YaremaJan 15, 2002 9:08 am 
Phil BrutscheJan 15, 2002 9:10 am 
Phil BrutscheJan 15, 2002 9:28 am 
SysopJan 15, 2002 9:32 am 
Peter C. NortonJan 15, 2002 9:44 am 
Kirill MiazineJan 15, 2002 9:56 am 
Nerijus BaliunasJan 15, 2002 10:20 am 
drea...@dreamwvr.comJan 15, 2002 10:43 am 
Aly S.P DharshiJan 15, 2002 11:17 am 
tuc...@intelap.com.arJan 15, 2002 3:05 pm 
Drew RainesJan 15, 2002 7:12 pm 
SysopJan 16, 2002 6:10 am 
drea...@dreamwvr.comJan 16, 2002 10:09 am 
Peter C. NortonJan 16, 2002 11:10 am 
Sam VarshavchikJan 16, 2002 3:01 pm 
Peter C. NortonJan 16, 2002 3:40 pm 
Juha SaarinenJan 16, 2002 4:08 pm 
Actions with this message:
Paste this link in email or IM:
Paste this link in email or IM:
Atom feed for this thread
Paste this URL into your reader:
Subject:Re: [courier-users] MTA ComparisonActions...
From:Peter C. Norton (spac@lenin.nu)
Date:Jan 15, 2002 9:44:39 am
List:net.sourceforge.lists.courier-users

On Tue, Jan 15, 2002 at 11:10:35AM -0600, Phil Brutsche wrote:

I think this opinion came to be in 1996/97 after some qmail proponents grepped the Exim 1.x source for instances of strcpy and called that a security audit (I might be remembering the details wrong).

Its because the code didn't safely handle strings, and because it ran as a single monolithic processes so any piece of code means that you own the whole thing.

These days that's akin to auditing a WinNT 3.1 installation, finding problems, then declaring WinXP to have the same problems. Silly, isn't it? :)

The last exim advisory I see from bugtraq is a format string bug fixed in version 3.30. What version is exim at now?

-- The 5 year plan: In five years we'll make up another plan. Or just re-use this one.