[Simon Walter] Bug#506353: mailscanner: many scripts allow local users to overwrite arbitrary files, and more, via symlink attacks
Kai Schaetzl
maillists at conactive.com
Thu Dec 4 17:31:24 GMT 2008
Glenn Steen wrote on Thu, 4 Dec 2008 15:07:48 +0100:
> Now, some may argue that the RFCs prohibit a lookup from being the
> basis of a rejection, but ... the RFCs also state that blatant errors
> are to be rejected...
No. They explicitly tell to be lenient on the receiving (client) side.
Anyway, we don't need to discuss this here. I just wanted to point out that
this specific feature is one of the few things where you can shoot yourself in
the foot without gaining any extra revenue (blocking by HELO gives you lots of
revenue although you may lose your foot as well ...).
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com