Peter van Dijk writes: > It's a bug, and it's an overflow-like one, but it doesn't seem > exploitable just now. Scares the shit out of me nonetheless. You are confused. The qmail-local program runs with the permissions of the user who owns the .qmail file. The treatment of bogus .qmail files has no relevance to security. ---Dan
- qmail-local.c bug? Erik Sjoelund
- Re: qmail-local.c bug? Martin Jespersen
- Re: qmail-local.c bug? Peter Samuel
- Re: qmail-local.c bug? Peter van Dijk
- Re: qmail-local.c bug? D. J. Bernstein
- Re: qmail-local.c bug? Peter van Dijk
