Date: Tue, 1 Sep 1998 22:01:29 -0500 From: dannyman <dannyman@dannyland.org> To: andrew@squiz.co.nz, "'freebsd-isp@FreeBSD.ORG'" <freebsd-isp@FreeBSD.ORG> Subject: Re: qmail/ezmlm Message-ID: <19980901220129.A2253@enteract.com> In-Reply-To: <Pine.BSF.3.96.980902120717.596J-100000@aniwa.sky>; from Andrew McNaughton on Wed, Sep 02, 1998 at 12:12:03PM %2B1200 References: <19980901141936.G1202@enteract.com> <Pine.BSF.3.96.980902120717.596J-100000@aniwa.sky>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Sep 02, 1998 at 12:12:03PM +1200, Andrew McNaughton wrote: > Has anyone investigated the buffer overflow problems in procmail? I saw a > recent message about buffer overflows from the command line which looked > to be exploitable. Not suid, so probably not important. It would be a > different case if these could be reached by a specially constructed email > sent to a machine using procmail as a local delivery agent. Hadn't heard about that, but I see it's SUID so this concern is extremely valid. Our concern is/was that procmail supposedly reads the entire message into memory, which implicates performance issues as well. *shrug* For mere mortals, it's good enough. :) -danny -- // dannyman yori aiokomete || Our Honored Symbol deserves \\/ http://www.dannyland.org/~dannyman/ || an Honorable Retirement (UIUC) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980901220129.A2253>