Subject: Re: qmail, from bugtraq
From: Richard J. Sexton (richardvrx.net)
Date: Fri Feb 04 2000 - 10:06:27 CST


At 02:10 PM 2/4/00 +0100, Marek Habersack wrote:
>* D. J. Bernstein said:
>> http://cr.yp.to/qmail/guarantee.html
>> http://cr.yp.to/qmail/venema.html
>> http://cr.yp.to/maildisasters/postfix.html
>>
>> Wietse Venema writes:
>> > I installed qmail as per author instructions and ran my machines
>> > out of swap with a trivial exploit.
>>
>> That's because you neglected to use the tools that your system provides
>> to allocate your resources.
>This can be reversed. If a program claims to be secure, it should use all

Look on the bright side. Both mail programs are infinitely more
secure than BIND. There's a tiny Perl script that if run
the right way will turn *any* nameserver running any version
of BIND off. The fact that nobody has done this to the legacy
root and com nameservers is a minor miracle.

--
Richard Sexton  |  richardtangled.web  | http://dns.vrx.net/tech/rootzone
http://killifish.vrx.net http://www.mbz.org http://lists.aquaria.net
Snail mail: "Maitland House, Bannockburn, Ontario, Canada, K0K 1Y0"