Re: [Exim-dev] Security & Development issues

Pàgina inicial
Delete this message
Reply to this message
Autor: Phil Pennock
Data:  
A: exim-dev
Assumpte: Re: [Exim-dev] Security & Development issues
On 2004-03-10 at 15:46 +0000, Yann Golanski wrote:
> I think there are some document (OpenBSD?) that define how to avoid most
> of C "nasty" functions. Of course, attracting someone who knows about
> those security things would be good too.


Most of them relate to string-handling, with the problems of buffer
sizes against flag-terminated ranges of memory. Exim's replacement
string-handling routines deal with the issues well, so the largest class
of potential problems is rendered irrelevant.

Perhaps a hackers-guide .txt pointing out the rich internal library
available to Exim developers is worthwhile?  I could probably put in
some work on that.  I'll build up some notes when I make some feature
enhancements in the coming month (see my other mail).
-- 
Phil Pennock,  Senior Systems Administrator,  Demon Internet Netherlands
NL Sales: +31 20 422 20 00      Thus Plc      NL Support: 0800 33 6666 8