
Re: Qmail vas Sendmail



> > Accidentally, qmail has its own pop3 daemon - qmail-pop3d.
> 
> which works with the maildir format only.

Sure. What's so bad about it, if you are using qmail anyway?

> Try using the non-exec stack kernel patch. If run from inetd (i.e.  it's
> being executed every session) with patch installed, qpopper is safe enough
> for you. 

AFAIK, this patch breaks some things in gcc, and buffer overflow exploits
are possible even with it installed (just most published ones don't work,
but one can write a perfectly working exploit without an executable stack,
IIRC). Secondly, running a program with a certified remote root hole and
hoping some patch will prevent it from being exploitable is a deed of
great courage, but certainly not a good security practice. If you know
that it has holes, you don't touch it until it's OK; otherwise you are at
the mercy of the first kid who reads Bugtraq and Phrack and knows how to
cut-n-paste.

-- 
frodo@sharat.co.il	\/  There shall be counsels taken
Stanislav Malyshev	/\  Stronger than Morgul-spells
phone +972-2-6245112	/\  		JRRT LotR.
http://sharat.co.il/frodo/	whois:!SM8333