Hi,

> pine is riddled with buffer overflows, it's considered unfixable
> without totally throwing away 100% of the code and starting over. why
> would anyone do that when we have mutt which is a far superior and
> Free replacement.
>
> try this:
>
> (iirc)
>
> $ export HOME=`perl -e 'print "a" x 10000'`
>
> $ pine
>
> it should segfault. good indication of a buffer overflow there.

While this kind of buffer overflow is nasty, (as far as I can see) from a security point of view it is rather harmless. If you can get pine to execute arbitrary code just by sending a malicious mail, that's really dangerous.

Thomas

