Re: [Exim] Washington mbx again

On 2000-10-05 at 19:45 -0700, Tom Samplonius gifted us with:
> Yes, but shouldn't Exim be using the c-client library to manage access
> to MBX mailboxes? I know that is a lot of overhead, but it guarrentees
> that it works right. See my other e-mail with a quote from Marc Cripin
> about various MBX issues.

No, it guarantees that your application has security holes.

See a number of threads on BugTraq, over at least the past year,
probably longer, about problems with UW-IMAP, Pine, and anything else
using c-client.

For those who're unaware - Pine has buffer-overruns in some headers.
Perhaps exploitable, perhaps not. But the last straw - it's going onto
my employer's blacklist; mutt + Pine.rc + pico == Phil sleeps at night.
--
Civilisation: where they cut down the trees and name streets after them.