Auteur: Sheldon Hearn Date: À: Sean Witham CC: Exim Users Mailing List Sujet: Re: [Exim] Exim and IBM DB2
On Wed, 19 Dec 2001 12:16:06 GMT, Sean Witham wrote:
> Yes Exim is a big program and thus it is next to imposible if not
> imposible to "prove" that it is secure but I think it is this very
> fact that changes the dicussion from one of fact and principle to
> that of personal opinion. I say that because people use exim despite
> the privledges that it has because they trust the programmer to do
> the right things.
Actually, Exim's invulnerability to abuse of its setuid privelege isn't
hard to prove. There's not that much code to audit between program
execution and setuid()/setgid() time.