Re: POP3, lock files and procmail

From: Les Mikesell (les.w.hanson_at_comcast.net)
Date: 07/14/03 

Date: Mon, 14 Jul 2003 00:47:58 GMT

"Mark Crispin" <mrc@CAC.Washington.EDU> wrote in message
news:Pine.NXT.4.56.0307131155150.16428@Ikkoku-Kan.Panda.COM...

> > As for the UW software, I'm not comfortable with the security record of
UW
> > IMAP. And yes, I've seen the FAQ entry 5.2 ;)
>
> Two buffer overflow bugs in the IMAP server, many years ago (and many
> release versions ago), and that's supposed to extend to the POP3 server
> (an entirely different program) and to everything else that I've ever
> written forever?
>
> Are you seriously claiming that buffer overflow bugs never happen in
> Linux?

Of course, and they are very publicly discussed so everyone is aware
of the versions with problems.

> Or that it is possible to install a Linux system out-of-the-box on
> the open Internet without having it promptly rooted?

Now who is giving the knee-jerk reaction to 2-year old information?
The other programs were fixed as their flaws were discovered too.
The Linux distribution from http://www.e-smith.org/ has been as secure
out of the box as anything that included bind, ssl, ssh, and imap for
several years. Now even RedHat has a pretty safe default installation.

> Thank you very much for your kind insult. I'll remember not to answer any
> more questions from you.

Note that your comment about Linux distributions was equally insulting to
other people who only made the same mistakes and have likewise corrected
them. 

---
    Les Mikesell
      lesmikesell@comcast.net