Re: [Exim] Exim and IBM DB2

Top Page
Delete this message
Reply to this message
Author: Sheldon Hearn
Date:  
To: Sean Witham
CC: Exim Users Mailing List
Subject: Re: [Exim] Exim and IBM DB2

On Wed, 19 Dec 2001 12:16:06 GMT, Sean Witham wrote:

> Yes Exim is a big program and thus it is next to imposible if not
> imposible to "prove" that it is secure but I think it is this very
> fact that changes the dicussion from one of fact and principle to
> that of personal opinion. I say that because people use exim despite
> the privledges that it has because they trust the programmer to do
> the right things.


Actually, Exim's invulnerability to abuse of its setuid privelege isn't
hard to prove. There's not that much code to audit between program
execution and setuid()/setgid() time.

Ciao,
Sheldon.