Author: Tom Kistner Date: To: Tim Jackson CC: exim-dev Subject: Re: [exim-dev] exim_dbmbuild buffer overflow
Tim Jackson wrote:
> This is a bonus, but I'm sure I'm not the only one with files named by
> what could in theory ultimately be user data (e.g. domain)
>
> e.g. /path/to/virtual_aliases/example.com
>
> where the data in those files might be eligible for dbmbuild'ing.
Just hope they don't call their domain ../../../etc/passwd :)