Bugtraq mailing list archives

Re: lil' exim format bug


From: Peter Radcliffe <pir () pir net>
Date: Tue, 12 Jun 2001 14:11:25 -0400

Foldi Tamas <crow () kapu hu> probably said:
> All of the downloadable versions are still buggy, and I can't understand
> why does it recommend the main-main-developer to paste '%s' into the
> source code.

As I said before, the author was on vacation.  There is a testing
version with this fix available now. The official release is waiting on
some work on another bugfix.

This problem only affects batch smtp, which means only someone with an
account on the machine can cause problems with it. Not good, but
better than a remote exploit.

> At the moment, we know another 'ugly' bug in the exim main code, but
> because of your tone it's not published. I can't understand why
> you use this tone against people who audit your shitty code, which
> has some errors in it.

*sigh*

This gets hashed over in bugtraq every so often. Go read the archives
for the hundreds of messages listing how impolite and rude it is to
announce a problem without informing the producers of the software and
giving them time to release a fixed version if they respond well.

Announcing something to bugtraq like that without letting the author
get a patched version out and the OSen that release exim as the
default MTA or as a packaged alternative to get fixed releases out was
obnoxious.

Full disclosure is a good thing, dealing with full disclosure in a
responsible and reasonable manner is also a good thing.

> These values are defaults in most linuxes.

There is more to the world than linux. How the various linux
distributions choose to package exim is not "the default".

> On default linuxes exim is installed with setuid root. We speak about
> the default install. The exim main source code has a lot of setuid() calls,
> so it's developed for root usage also.

Linux packages are not "the default install", and being suid root does
not mean it runs as root all the time.

The security section in the specification lists the possible uses of
exim as suid root, suid something else, running as root most of the
time (not recommended) or not.

It is entirely possible (and allowed for in one of the security
settings) to never run as root (beyond being started as root once to
bind to port 25), not be suid root and never have root privs.

No one with any sense should be running an MTA with root privs when it
is accepting SMTP input be it port 25 or batch SMTP whatever the
defaults are for a random package.

P.

-- 
pir                  pir () pir net                    pir () net tufts edu

