I wasn't referring to OS Security Holes. I was referring to "true"
qmail holes.
If there were a real hole shown, I belive the DJB would fix it quickly
(and not just a quick fix as I think redhat would do).
Matt Soffen
Webmaster - http://www.iso-ne.com/
==============================================
Boss - "My boss says we need some eunuch programmers."
Dilbert - "I think he means UNIX and I already know UNIX."
Boss - "Well, if the company nurse comes by, tell her I said
never mind."
- Dilbert -
==============================================
> ----------
> From: Peter C. Norton[SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, December 29, 1998 12:19 PM
> To: Qmail mailing list
> Subject: Re: Frivolous forking
>
> On Tue, Dec 29, 1998 at 08:44:00AM -0500, Matthew Soffen wrote:
> >
> > Name 1 security hole found in qmail that they would have had to fix.
>
> Do you use ulimit before running your qmail-smtpd? One place to fix
> this security hole is in qmail-smtpd. Though Dan doesn't think it
> should be fixed in qmail itself, it reasonably could be.
>
> Anyway, keep in mind that just because it hasn't broken yet doesn't
> mean it can't break. Thinking that way is unwise. Just because qmail
> hasn't been broken *yet* doesn't mean that anyone is willing to stick
> their neck out and claim that it can't be broken. A group (I among
> them) have ponied up cash because there doesn't seem to be a way to do
> it. Money isn't a conclusive proof that it can't happen. It's just
> paper, it can't do a proof.
>
> Also note that Dan's standing offer of $1k doesn't cover stupid holes
> in the OS qmail's running on. If such an OS bug turned up, I hope
> that someone would write a work-around for qmail. But since there's
> always a chance that something unforseen will break, why strutt around
> pretending otherwise?
>
> -Peter
>
