On Tue, Feb 29, 2000 at 10:24:39AM -0500, Russell Nelson wrote:
> Markus Wuebben writes:
> > Is this known?
> > A complete description of the problem can be found
> > at http://www.inter7.com/vpopmail/exploit.html
>
> Yes, it's known. The patch is still given using strlen(), though,
> which drags in the C library and makes qmail-pop3d gratuitiously
> bigger.
Patching qmail-pop3d is just plain wrong. qmail-pop3d is completely ok,
it's vpopmail that should be fixed.
Greetz, Peter.
--
Peter van Dijk - student/sysadmin/ircoper/madly in love/pretending coder
|
| 'C makes it easy to shoot yourself in the foot;
| C++ makes it harder, but when you do it blows your whole leg off.'
| Bjarne Stroustrup, Inventor of C++
