Re: [Exim] Exim and IBM DB2

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Sheldon Hearn
Date:  
À: Sean Witham
CC: Exim Users Mailing List
Sujet: Re: [Exim] Exim and IBM DB2

On Wed, 19 Dec 2001 12:16:06 GMT, Sean Witham wrote:

> Yes Exim is a big program and thus it is next to imposible if not
> imposible to "prove" that it is secure but I think it is this very
> fact that changes the dicussion from one of fact and principle to
> that of personal opinion. I say that because people use exim despite
> the privledges that it has because they trust the programmer to do
> the right things.


Actually, Exim's invulnerability to abuse of its setuid privelege isn't
hard to prove. There's not that much code to audit between program
execution and setuid()/setgid() time.

Ciao,
Sheldon.