From owner-freebsd-isp Tue Sep 1 20:02:35 1998
Return-Path:
Received: (from majordom@localhost)
    by hub.freebsd.org (8.8.8/8.8.8) id UAA21036
    for freebsd-isp-outgoing; Tue, 1 Sep 1998 20:02:35 -0700 (PDT)
    (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from joshua.enteract.com (joshua.enteract.com [207.229.129.5])
    by hub.freebsd.org (8.8.8/8.8.8) with SMTP id UAA21031
    for ; Tue, 1 Sep 1998 20:02:33 -0700 (PDT)
    (envelope-from djhoward@joshua.enteract.com)
Received: (qmail 2403 invoked by uid 1032); 2 Sep 1998 03:01:29 -0000
Message-ID: <19980901220129.A2253@enteract.com>
Date: Tue, 1 Sep 1998 22:01:29 -0500
From: dannyman
To: andrew@squiz.co.nz, "'freebsd-isp@FreeBSD.ORG'"
Subject: Re: qmail/ezmlm
Mail-Followup-To: andrew@squiz.co.nz, "'freebsd-isp@FreeBSD.ORG'"
References: <19980901141936.G1202@enteract.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: ; from Andrew McNaughton on Wed, Sep 02, 1998 at 12:12:03PM +1200
X-Loop: djhoward@uiuc.edu
X-URL: http://www.dannyland.org/~dannyman/
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, Sep 02, 1998 at 12:12:03PM +1200, Andrew McNaughton wrote:

> Has anyone investigated the buffer overflow problems in procmail? I saw a
> recent message about buffer overflows from the command line which looked
> to be exploitable. Not suid, so probably not important. It would be a
> different case if these could be reached by a specially constructed email
> sent to a machine using procmail as a local delivery agent.

Hadn't heard about that, but I see it's SUID so this concern is extremely
valid.

Our concern is/was that procmail supposedly reads the entire message into
memory, which implicates performance issues as well. *shrug* For mere
mortals, it's good enough. :)

-danny

--
  //       dannyman yori aiokomete      || Our Honored Symbol deserves
\\/ http://www.dannyland.org/~dannyman/ || an Honorable Retirement (UIUC)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message