
Re: Bug#510415: tech-ctte: Qmail inclusion (or not) in Debian



One more thing (I don't think it's mentioned already) I got pointed at:
http://www.daemonology.net/papers/bsdcan06.pdf
Page 9 says:
· Bug discovered in qmail: If you can send a >2GB message to qmailsmtpd,
  you can execute arbitrary code via an integer overflow.
   - Response from DJB: "Nobody gives gigabytes of memory to each
     qmailsmtpd process".
   - When DJB wrote qmail (1995), this was probably correct.

At least something to fix if the decision is to let qmail in, unless it
is already.

-- 
bye, Joerg
Some NM:
"Essential: Yes" -- useful for a message when you do apt-get remove bash:

