Patrick Bihan-Faou <[EMAIL PROTECTED]> wrote:
>
> Well failure to recognize that 0.0.0.0 is yourself is not quite DNS related
> exploit. It is a bug.
>
> <sarcasm>
>
> I like these rules that say "yeah we are setting up a challenge, but there
> is no way that you could ever win it"...
The only reason it couldn't be won was that there were no security bugs
in qmail. The exact same conditions, attached to sendmail of the time,
would have resulted in many, many winners.
> If you ask me, qmail is far from bug free... The first security issue with
> this product is itself: the code is completely obfuscated (I know I know,
> style is a matter of taste), there is 0 line of comments in the code (hey
> isn't the fact that qmail code is "small" one of its selling points ? remove
> comments and you reduced the code size...)
Don't like it? Don't use it. There's plenty of other MTAs out there.
If you want djb to eat crow _and_ give you money, he's offering a USD$500
guarantee on the security of djbdns. Go wild; find a security bug. I fully
expect that money to remain unclaimed.
Charles
--
-----------------------------------------------------------------------
Charles Cazabon <[EMAIL PROTECTED]>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
-----------------------------------------------------------------------
