On 12/12/18 1:13 PM, Rick Moen wrote: > Quoting Lars Nood??n via Dng (dng@lists.dyne.org): > >> It's probably a time that Procmail be retired, and thus anything based >> on it. There have been a lot of reports in recent years of serious, >> unsafe bugs in its processing. However, there is this comment about it >> from a former Procmail maintainer to consider: >> >> https://marc.info/?l=openbsd-ports&m=141634350915839&w=2 > > Upon examination, it turns out that the known flaws in Procmail lack any > credible exploitation scenario. The matter was covered on LWN.net a few > years ago, and I'm pretty sure nothing has changed substantively. > > (I've gone through this discussion several times since then on mailing > lists, and can dredge up details from those if necessary.)
I found only this one on LWN: "Reports of procmail's death are not terribly exaggerated" https://lwn.net/Articles/416901/ I liked Procmail back when I was using it, but that was a long time ago. Neither now nor then could I look under the hood so I defer to others on that. /Lars _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng