Stuart Henderson <s...@spacehopper.org> wrote: > With OpenBSD release fast approaching and considering the lack of solid > information about the vulnerabilities, I think we should probably mark > mail/exim BROKEN for now.
That's almost too kind. > And also consider whether we want to keep this in ports at all... > The response to this was much weaker than I'd expect from maintainers > of software like this (note that it is a huge setuid root binary so > it'd really be nice if they were a bit more active on that front) Lacking any elements of privsep design. In this regard, it is a very strange piece of software. sendmail was so terrible decades ago, that qmail showed up as privsep-based-upon-file-moves. That was privsep program #2. Then postfix, called vmailer at the time, showed up with privsep via other forms of object movement, which is privsep program #3. (openssh then showed up as privsep program #4. In my version of history, privsep program #1 is the BSD auth subsystem, which is a piece of libc executing gid-hidden setuid/setgid-if-needed service programs with their own address spaces). Many years later, sendmail even grew some aspects of privsep. But exim? No...... it's a newer piece of software using old design rules. It's a bad piece of software to expose users to, via the ports/packages. Perhaps right after the ides of March next year, we should just move exim into base.