Author: Phil Pennock
Date:
To: Andreas Metzler
CC: exim-users
Subject: Re: [exim] Segfaults due to corrupted berkeley db

On 2009-08-02 at 16:29 +0200, Andreas Metzler wrote:
> occasionally somebody reports a segfault in exim. Usually the response is
> "Delete the contents of $spooldir/db." People do this and the problem
> goes away.

That's strange. What corrupted the files in the first place? What
happens if you build Exim against a different DB backend? It's not
usual in Exim to just accept crashes; especially since those DBs contain
data derived from emails, so if this can be deterministically reproduced
then it might be somehow exploitable (corrupt the DB to upset the
application and insert shellcode).

In fact, that's really worrying. I don't recall hearing of this before
now.

The most usual cause of crashes I've seen is someone with an Exim built
against one version of OpenSSL but running against another version, and
then something in some session tickles an OpenSSL ABI incompatibility.

> Is this the right way to handle the problem? I am wondering because I
> recently received a bug report on the issue and do not want to cut
> corners.