[exim-dev] [Bug 2000] BDAT injection/transmission character …

Startseite
Nachricht löschen
Nachricht beantworten
Autor: admin
Datum:  
To: exim-dev
Betreff: [exim-dev] [Bug 2000] BDAT injection/transmission character loss
https://bugs.exim.org/show_bug.cgi?id=2000

--- Comment #11 from Andreas Metzler <eximusers@???> ---
(In reply to Jeremy Harris from comment #10)
> Sorry, but a single delivery process pausing until it times out is not a DOS.


Good morning,

I have got the feeling of talking to somebody I got on the wrong foot with. The
reponses I have received seem to be almost hostile, picking on a single word
out of line arguments. Is there something I can improve this?

---------------
To my eyes it is beyond doubt there is a bug.

As unprivileged user I can inject messages via bdat that causes spoolfiles with
incorrect metadata (body_linecount) to be written. And exim delivery relies on
the spoolfile metadata to be correct. On broken metadata the delivering exim
process will either hang or at least cause SMTP syntax errors by sending data
when it must not.
---------------

Whether hanging delivery processes have "a DOS aspect" seems to be a
questionable. Be it. (I personally suspect that exim would not handle hanging
delivery process*es* (nothing is limiting us to "one process") very well.)

--
You are receiving this mail because:
You are on the CC list for the bug.