Re: [Exim] Washington mbx again

Author: Phil Pennock
Date:
To: exim-users
Subject: Re: [Exim] Washington mbx again
On 2000-10-05 at 19:45 -0700, Tom Samplonius gifted us with:
> Yes, but shouldn't Exim be using the c-client library to manage access
> to MBX mailboxes? I know that is a lot of overhead, but it guarantees
> that it works right. See my other e-mail with a quote from Mark Crispin
> about various MBX issues.


No, it guarantees that your application has security holes.

See a number of threads on BugTraq, over at least the past year,
probably longer, about problems with UW-IMAP, Pine, and anything else
using c-client.

For those who're unaware - Pine has buffer-overruns in some headers.
Perhaps exploitable, perhaps not. But the last straw - it's going onto
my employer's blacklist; mutt + Pine.rc + pico == Phil sleeps at night.
--
Civilisation: where they cut down the trees and name streets after them.