On 2004-03-10 at 15:46 +0000, Yann Golanski wrote:
> I think there are some document (OpenBSD?) that define how to avoid most
> of C "nasty" functions. Of course, attracting someone who knows about
> those security things would be good too.
Most of them relate to string-handling, with the problems of buffer
sizes against flag-terminated ranges of memory. Exim's replacement
string-handling routines deal with the issues well, so the largest class
of potential problems is rendered irrelevant.
Perhaps a hackers-guide .txt pointing out the rich internal library
available to Exim developers is worthwhile? I could probably put in
some work on that. I'll build up some notes when I make some feature
enhancements in the coming month (see my other mail).
--
Phil Pennock, Senior Systems Administrator, Demon Internet Netherlands
NL Sales: +31 20 422 20 00 Thus Plc NL Support: 0800 33 6666 8
