Thank you for reporting this.
This is only an issue in glibc2 on some Linux systems. In other C
libraries, the data returned by getpass() is limited to PASS_MAX. The
author of glibc2 apparently thought that it would help his ideology to
abolish the use of such functions by making glibc2's getpass() return a
limitless string.
Since mailutil is an auxillary shell tool and not a security program, I
don't think that there is a particular priority to protect it from user
abuse.
-- Mark --
http://panda.com/mrc
Democracy is two wolves and a sheep deciding what to eat for lunch.
Liberty is a well-armed sheep contesting the vote.
_______________________________________________
Imap-uw mailing list
Imap-uw@u.washington.edu
http://mailman2.u.washington.edu/mailman/listinfo/imap-uw
