Re: Bug#510415: tech-ctte: Qmail inclusion (or not) in Debian
One more thing (I dont think its mentioned already) I got pointed at:
http://www.daemonology.net/papers/bsdcan06.pdf
Page 9 says:
· Bug discovered in qmail: If you can send a >2GB message to qmailsmtpd,
you can execute arbitrary code via an integer overflow.
Response from DJB: "Nobody gives gigabytes of memory to each
qmailsmtpd process".
When DJB wrote qmail (1995), this was probably correct.
At least something to fix if the decision is to let qmail in, unless it
is already.
--
bye, Joerg
Some NM:
"Essential: Yes" -- useful for a message when you do apt-get remove bash:
Reply to: