On Tue, 28 Jan 1997, Hans Grobler wrote:
> Any comments about the following posting?
Sigh. Someone else drew this to my attention. I was trying to ignore it,
having rather a lot of Exim work to do.
> ------------------------------------------------------------------------
>
> From: tqbf@??? (Thomas H. Ptacek)
> Newsgroups: comp.security.unix
> Subject: Exim, secure?
> Date: 27 Jan 1997 06:56:16 GMT
> Organization: EnterAct, L.L.C.
> Lines: 34
> Message-ID: <slrn5eokf9.lme.tqbf@???>
> Reply-To: tqbf@???
> NNTP-Posting-Host: char-star.rdist.org
>
> [ from a recent thread spun from the Sendmail 8.8.4 discussion, re Exim ]
>
> 26 Jan 1997 18:52:23 GMT paul@???:
>
> Exim uses seteuid() extensively to toggle between privilege modes,
I would not say "extensively". I think this is a comment after a cursory
grep at the code and without reading the documentation. Unlike some
other packages, Exim's manual - chapter 43 - describes in detail its use
of setuid and seteuid.
> and I
> note that the code is riddled with unchecked string manipulations routines
> (trusty 'wc' tells me 46 occurances of strcpy(), 260 occurances of
> sprintf(), and 16 instances of strcat()).
So? In fact most of the sprintf's are string_sprintf calls. But what
matters is how they are used.
> I'd be interested in hearing more about what Exim's implementors did to
> address security concerns.
Looks like he didn't RTFM, where I have tried to describe what I did.
Now, I am the last to be complacent about security. I'm not a security
expert. I'm not even a Unix expert. I've only been using Unix for 6 or 7
years, and the Internet for just over 5. There are certainly bugs in
Exim. There may even be security bugs in Exim. I've tried to write it as
well as I can. If anyone can point out a real problem, I will do my best
to fix it asap.
Feel free to cross-post this back to the original discussion, if you
want to.
--
Philip Hazel University Computing Service,
ph10@??? New Museums Site, Cambridge CB2 3QG,
P.Hazel@??? England. Phone: +44 1223 334714