On 2021/09/08 11:12, Renaud Allard wrote:
> I discussed with exim guys and it seems they are quite reluctant to
> modify "correct C code".
It's not correct code that the %n abort is there to protect against.
It's to prevent cases with incorrect code from turning into a hole.
Hopefully Exim's monolithic setuid-root binary has no format string
vulnerabilities but I bet there are some in the other few hundred
GB of code in ports.
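
An added example, not part of the original message and not code from OpenBSD or Exim: a small C check of the kind an auditor could run over format strings in a code base to find `%n` conversions, next to the hardened call where untrusted text is passed as an argument rather than as the format. The function names and sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if fmt contains a %n conversion, 0 otherwise.
 * "%%" is a literal percent sign, not a conversion. The scan is
 * deliberately permissive about flag/width order so that odd but
 * accepted spellings such as "%1$hhn" are still reported. */
int format_has_n(const char *fmt)
{
    for (const char *p = fmt; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        p++;                                   /* step past '%' */
        if (*p == '%')
            continue;                          /* literal "%%" */
        p += strspn(p, "-+ #0'123456789*$.");  /* flags, width, precision */
        p += strspn(p, "hlqjztL");             /* length modifiers */
        if (*p == 'n')
            return 1;
        if (*p == '\0')
            return 0;                          /* truncated directive */
    }
    return 0;
}

/* Hardened call: untrusted text is an argument, never the format. */
int log_untrusted(char *out, size_t outlen, const char *untrusted)
{
    return snprintf(out, outlen, "%s", untrusted);
}

int main(void)
{
    /* Constructed sample format strings. */
    const char *samples[] = { "user=%s id=%d", "100%% done", "%n", "%1$hhn" };
    char buf[64];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s has %%n: %d\n", samples[i], format_has_n(samples[i]));

    log_untrusted(buf, sizeof buf, "%n%n");    /* copied verbatim, not parsed */
    printf("logged: %s\n", buf);
    return 0;
}
```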