code audit?

Tony Finch dot at DOTAT.AT
Tue Dec 2 16:53:33 GMT 2003


Julian Field <mailscanner at ECS.SOTON.AC.UK> wrote:
>
>Tony Finch at Cambridge University has gone through all of the code in very
>great detail, which resulted in several bug fixes and performance improvements.

I wouldn't quite go that far :-) I did not look at all the code in
detail, and I wasn't particularly looking out for security problems --
I don't have the right kind of deviousness to spot them reliably. Since
MailScanner is written in Perl, buffer overflow bugs aren't a problem,
so security problems are more likely to be related to dodgy filenames
(but MailScanner sanitizes them) or denial-of-service (but MailScanner
uses timeouts to protect itself) or something else... (which short list
shows why I don't count myself as a security person).

Tony.
--
f.a.n.finch  <dot at dotat.at>  http://dotat.at/
SELSEY BILL TO LYME REGIS: NORTHEAST 3 OR 4, EASING VARIABLE 2 OR LESS.
NORTHEAST 4 LATER. RAIN, FAIR LATER. MODERATE OR GOOD, LATER GOOD. SMOOTH OR
SLIGHT.
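The two mitigations the post names, filename sanitisation and a per-step timeout, as an added illustration in Python (not MailScanner's own Perl code; the character whitelist, the 64-character length cap, the `deadline` helper and the two sample scanner functions are assumptions made for this example). The timeout uses POSIX `SIGALRM`, the same mechanism Perl's `alarm()` relies on, so it only works from the main thread on Unix-like systems:

```python
"""Attachment-name sanitisation and a hard timeout around a scan step.

Added example, not MailScanner code: whitelist, length cap and the sample
scanner functions are assumptions chosen for the illustration."""
import re
import signal
import time
from contextlib import contextmanager

MAX_NAME_LEN = 64                          # assumed cap for the example
_UNSAFE = re.compile(r"[^A-Za-z0-9._-]")   # conservative whitelist


def sanitize_filename(name: str) -> str:
    """Reduce an untrusted attachment name to a safe basename.

    Drops NUL and other control characters, keeps only the last path
    component (either separator), replaces everything outside the
    whitelist with '_', strips leading dots (no hidden files, no '..'),
    and caps the length while preserving the extension."""
    name = "".join(ch for ch in name if ch >= " " and ch != "\x7f")
    name = re.split(r"[\\/]", name)[-1]
    name = _UNSAFE.sub("_", name)
    name = name.lstrip(".")
    if not name:
        return "unnamed"
    if len(name) > MAX_NAME_LEN:
        root, dot, ext = name.rpartition(".")
        if not dot:                        # no extension at all
            root, ext = name, ""
        keep = MAX_NAME_LEN - len(ext) - len(dot)
        name = root[:max(keep, 1)] + dot + ext
    return name[:MAX_NAME_LEN]


class ScanTimeout(Exception):
    """Raised when a guarded step exceeds its time budget."""


@contextmanager
def deadline(seconds: float):
    """Abort the enclosed block after `seconds` via SIGALRM (main thread only)."""
    def _on_alarm(signum, frame):
        raise ScanTimeout(f"step exceeded {seconds}s")
    previous = signal.signal(signal.SIGALRM, _on_alarm)
    signal.setitimer(signal.ITIMER_REAL, seconds)
    try:
        yield
    finally:
        signal.setitimer(signal.ITIMER_REAL, 0)   # always disarm the timer
        signal.signal(signal.SIGALRM, previous)


def scan_with_timeout(scanner, payload: bytes, seconds: float) -> str:
    """Run scanner(payload) under a deadline.

    Returns the scanner's verdict, or 'timeout' if it overran; a message
    that timed out is deliberately not reported as 'clean'."""
    try:
        with deadline(seconds):
            return scanner(payload)
    except ScanTimeout:
        return "timeout"


# Constructed stand-ins for a real scanner engine (assumptions, not MailScanner).
def fast_scanner(payload: bytes) -> str:
    return "infected" if b"CONSTRUCTED-BAD-MARKER" in payload else "clean"


def slow_scanner(payload: bytes) -> str:
    time.sleep(2)                          # simulates a hung engine
    return "clean"


if __name__ == "__main__":
    for raw in ("../../etc/passwd", "C:\\Users\\x\\report (final).pdf", "invoice\x00.exe"):
        print(repr(raw), "->", sanitize_filename(raw))
    print(scan_with_timeout(fast_scanner, b"hello", 1.0))
    print(scan_with_timeout(slow_scanner, b"hello", 0.2))
```

The sanitiser is whitelist-based rather than blacklist-based, so a separator or metacharacter the author did not think of still ends up as `_`; the timeout wrapper disarms the timer in `finally` so a step that finishes early cannot leave an alarm pending for unrelated later code.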
