Re: [Exim-dev] Security & Development issues

Author: Phil Pennock
Date:
To: exim-dev
Subject: Re: [Exim-dev] Security & Development issues
On 2004-03-10 at 15:46 +0000, Yann Golanski wrote:
> I think there are some documents (OpenBSD?) that define how to avoid most
> of C's "nasty" functions. Of course, attracting someone who knows about
> those security things would be good too.


Most of them relate to string-handling, with the problems of buffer
sizes against flag-terminated ranges of memory. Exim's replacement
string-handling routines deal with the issues well, so the largest class
of potential problems is rendered irrelevant.

Perhaps a hackers-guide .txt pointing out the rich internal library
available to Exim developers is worthwhile?  I could probably put in
some work on that.  I'll build up some notes when I make some feature
enhancements in the coming month (see my other mail).
-- 
Phil Pennock,  Senior Systems Administrator,  Demon Internet Netherlands
NL Sales: +31 20 422 20 00      Thus Plc      NL Support: 0800 33 6666 8