[exim-cvs] Suggestion from Qalys:

Góra strony
Wiadomość jest częścią wątku:
Mpełne drzewo wątku posortowane wg daty
 
 
Delete this message
Reply to this message
Autor: Exim Git Commits Mailing List
Data:  
Dla: exim-cvs
Temat: [exim-cvs] Suggestion from Qalys:
Gitweb: https://git.exim.org/exim.git/commitdiff/3109898a5e815a04f505c73b67493ef15d9f0665
Commit:     3109898a5e815a04f505c73b67493ef15d9f0665
Parent:     d8c9f31a3ec7a424ac9465604c397f1882b05567
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Fri May 7 13:09:12 2021 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Mon Jun 28 00:30:02 2021 +0100


    Suggestion from Qalys:


    If I may add one more thing, there is an issue that should be addressed
    sooner rather than later: the writable configuration at the beginning of
    the heap. A short-term (and hopefully non-intrusive) solution may be to
    mmap() the configuration instead, and then mprotect(PROT_READ) it. This
    would mitigate the exploitation technique that almost all Exim exploits
    have been using.


Wiadomość została wysłana do następujących list mailowych:
exim-cvs
Informacja o liście mailowej | Najbliższe wiadomości		<-[exim-cvs] namedlist_block has to be allocated mutably, to cache lookups[exim-cvs] avoid modifying possible config text during :fail: delivery->
Tahini and Hummus and Cumin Development Archives administrowana przez cumin AdminsLurker (wersja 2.3)