[7341] in bugtraq
Re: EMERGENCY: new remote root exploit in UW imapd
daemon@ATHENA.MIT.EDU (Kragen)
Tue Jul 21 19:00:10 1998
Date: Tue, 21 Jul 1998 12:27:58 -0400
Reply-To: Kragen <kragen@POBOX.COM>
From: Kragen <kragen@POBOX.COM>
X-To: Niall Smart <rotel@indigo.ie>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199807172351.AAA00753@indigo.ie>
On Sat, 18 Jul 1998, Niall Smart wrote:
> The problem, as the original poster says, is that exercising option
> 3 is currently too difficult. The ANSI C string handling functions
> are simply error prone. With this in mind I begin about a month
> ago on a project to create a string handling library which makes
> buffer management significantly easier, while still maintaining an
> acceptable level of efficiency and supporting common C programming
> idioms. There are other interfaces, such as file access which are
> also error prone to a degree which I am also looking at. I haven't
> had the time to spend as much time on this project as I would have
> liked but I should get it released before the end of the summer at
> which time I'll post an announcement here. The code will be under
> a BSD style copyright.
Dan Bernstein, who wrote qmail, has already done all of this. He might
be persuaded to let others use his library under a BSD-style copyright.
qmail uses no standard C library functions, other than syscalls, if I
remember correctly.
Kragen
