Bugtraq mailing list archives
Re: EMERGENCY: new remote root exploit in UW imapd
From: djb () CR YP TO (D. J. Bernstein)
Date: Tue, 28 Jul 1998 10:18:36 -0000
Beware of the Dijkstra phenomenon. The phenomenon is that immodular code seems more ``productive'' than heavily modularized code. You can read or write many more lines per hour of malloc(), strcpy(), free() than of unfamiliar high-level routines. Of course, the modular code ends up being _much_ smaller. It also lets you independently check the correctness of each module; this scales to arbitrarily large systems if the modules remain small. Adam Shostack writes:
we attempted to look at the qmail source. (.89 or .91 or so).
Things have changed since then. For example, I documented most of the Sub-Standard C Library(tm) in 1997.
We were rarely sure when the code segments we were looking at were considered security critical.
Anything touching the user's mail is security-critical---maybe not from root's point of view, but certainly from the user's point of view. ---Dan Binary qmail distributions are allowed! http://pobox.com/~djb/qmail/dist.html
Current thread:
- Re: EMERGENCY: new remote root exploit in UW imapd, (continued)
- Re: EMERGENCY: new remote root exploit in UW imapd Allanah Myles (Jul 20)
- Re: EMERGENCY: new remote root exploit in UW imapd Dave Andersen (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd Jim Greene (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd Peter Jeremy (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd IBS / Andre Oppermann (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd Kragen (Jul 22)
- Re: EMERGENCY: new remote root exploit in UW imapd Adam Shostack (Jul 23)
- Security Bulletins Digest vtmue () HEAVEN RUF UNI-FREIBURG DE (Jul 23)
- Apache 1.3.1 Released! Aleph One (Jul 23)
- Re: EMERGENCY: new remote root exploit in UW imapd Kragen (Jul 22)
- Re: EMERGENCY: new remote root exploit in UW imapd Alex Le Heux (Jul 22)
- Re: EMERGENCY: new remote root exploit in UW imapd D. J. Bernstein (Jul 28)
- Re: EMERGENCY: new remote root exploit in UW imapd der Mouse (Jul 28)
- Object tag crashes Internet Explorer 4.0 Georgi Guninski (Jul 28)
- Re: Object tag crashes Internet Explorer 4.0 Matt Rose (Jul 29)
- Re: EMERGENCY: new remote root exploit in UW imapd David Schwartz (Jul 28)
- Re: EMERGENCY: new remote root exploit in UW imapd Kragen (Jul 29)
- Object tag crashes Internet Explorer 4.0 Georgi Guninski (Jul 28)
- Re: EMERGENCY: new remote root exploit in UW imapd D. J. Bernstein (Jul 29)
- Re: EMERGENCY: new remote root exploit in UW imapd Bill Royds (Jul 29)
- Re: EMERGENCY: new remote root exploit in UW imapd Allanah Myles (Jul 20)