Re: [Exim] Does Exim have security problems?

Top Page
Delete this message
Reply to this message
Author: Malcolm Ray
Date:  
To: Philip Hazel
CC: exim-users
Subject: Re: [Exim] Does Exim have security problems?
> On Tue, 29 Aug 2000, Malcolm Ray wrote:
>
> > An in-depth and independent security audit of exim would be a Good
> > Thing.
>
> Absolutely! I have said this before, but as far as I know, it hasn't been
> undertaken.


The trouble is, it's a lot of work to do properly. It also needs to be
done by someone (or a team) with a track record, if it's to have good
standing. I could audit the code in my Copious Free Time(TM) and give
it a clean bill of health, but who would listen to me?

For the record, I believe that exim does not have any significant
exploitable security problems, but (like most of us) that belief isn't
based on an in-depth study of the code, so I can see how it may not
carry much weight with others, particularly if they're already infused
with the quasi-religious fervour which often surrounds the choice of an
MTA.

-- 
Malcolm Ray                           University of London Computer Centre