Matthew S. Hallacy writes:
> http://www.securityfocus.com/bid/2237/exploit/

That's not a bug.  qmail-smtpd is designed to run with rlimits.  That's why
they exist in the first place.  See this page for more details:

http://cr.yp.to/qmail/venema.html

> the smtp auth "module" (admittedly, not distributed with qmail):
>   http://www.securityfocus.com/bid/1809/solution/

How is that even remotely relevant?  That is a third party patch to qmail.
That patch has a security hole, not qmail.

With that logic, I could write buggy patches to any software and you would
claim the software itself was insecure.

> Just because software has had bugs, doesn't make it insecure.

No, but software that has security holes is insecure.

> Are you not encouraging people to run "insecure software"?

My choice of email client has nothing to do with discussing MTAs.  But
apparently you lack the ability to understand that.  I find it amusing that
you can't find fault with what I am saying, so you have to find other,
non-related things to attack me with.

> qmail has vulnerabilities, they haven't been (publicly) found yet.

Prove it.  (Oh, you can't.  What a surprise.)

--
David Phillips <david at acz.org>
http://david.acz.org/


_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list