Re: [Exim] Does Exim have security problems?

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Malcolm Ray
Dátum:  
Címzett: Philip Hazel
CC: exim-users
Tárgy: Re: [Exim] Does Exim have security problems?
> On Tue, 29 Aug 2000, Malcolm Ray wrote:
>
> > An in-depth and independent security audit of exim would be a Good
> > Thing.
>
> Absolutely! I have said this before, but as far as I know, it hasn't been
> undertaken.


The trouble is, it's a lot of work to do properly. It also needs to be
done by someone (or a team) with a track record, if it's to have good
standing. I could audit the code in my Copious Free Time(TM) and give
it a clean bill of health, but who would listen to me?

For the record, I believe that exim does not have any significant
exploitable security problems, but (like most of us) that belief isn't
based on an in-depth study of the code, so I can see how it may not
carry much weight with others, particularly if they're already infused
with the quasi-religious fervour which often surrounds the choice of an
MTA.

-- 
Malcolm Ray                           University of London Computer Centre