Re: remote root qmail-pop with vpopmail advisory and exploit with patch (fwd)

[Russell Nelson]

Derek Callaway writes:
 > What about the calls to syslog in qmail's splogger.c? Are they secure?

Maybe.  Maybe not.  But splogger isn't a setuid program and needn't be 
run as root (unlike qmail-send).

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
Crynwr sells support for free software  | PGPok | "Ask not what your country
521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | do for you..."  -Perry M.