|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: innd 2.2.2 remote buffer overflow
From: Russ Allbery (rra
STANFORD.EDU)Date: Tue Jun 06 2000 - 16:00:05 CDT
- Next message: root: "BRU Vulnerability"
- Previous message: Michal Zalewski: "Re: innd 2.2.2 remote buffer overflow"
- Next in thread: Forrest J. Cavalier III: "Re: innd 2.2.2 remote buffer overflow"
- Maybe reply: Russ Allbery: "Re: innd 2.2.2 remote buffer overflow"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Michal Zalewski <lcamtufdione.ids.pl> writes:
> On 6 Jun 2000, Russ Allbery wrote:
>> Note that this code is only ever executed if the option "verifycancels"
>> is enabled in inn.conf. This is *not* the default, and has been
>> recommended against for some time now since it really doesn't do any
>> real good.
> It is enabled by default in RH,
That's a bug in Red Hat's configuration in my opinion as one of the
maintainers of INN.
> and usually is enabled on live innd sites.
Not by anyone who follows the advice of the documentation.
I'll repeat: As one of the maintainers of INN, I strongly recommend that
people not use verifycancels; it serves no useful purpose, the behavior
that it enables is disallowed by the latest draft of the Usenet article
format standard, and it's likely to go away completely in INN 2.4.
I've not had it turned on on any of my servers for years now.
-- Russ Allbery (rra
- Next message: root: "BRU Vulnerability"
- Previous message: Michal Zalewski: "Re: innd 2.2.2 remote buffer overflow"
- Next in thread: Forrest J. Cavalier III: "Re: innd 2.2.2 remote buffer overflow"
- Maybe reply: Russ Allbery: "Re: innd 2.2.2 remote buffer overflow"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]