Dave Sill writes:
> >So has any expert ever audited qmail or djbdns?
>
> No. Any audit worth doing would be prohibitively expensive for a
> freeware project. $1000 wouldn't even begin to cover it, at least for
> qmail.
Still, I've read an awful lot of Dan's code. I've seen a few places
where I said "Hey, that's a security hole." But on further
investigation, I can see that there's just no way (e.g. formatting a
16-bit integer into digits stored in a fixed-length string without
bothering to ensure that the string won't get overflown by MiGs and
strafed).
--
-russ nelson <[EMAIL PROTECTED]> http://russnelson.com
Crynwr sells support for free software | PGPok | The best way to help the poor
521 Pleasant Valley Rd. | +1 315 268 1925 voice | is to help the rich build
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | up their capital.
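
The reasoning in the message above, as an added example (not code from qmail or djbdns; fmt_u16, max_u16_len and digits_for_max are hypothetical names): an unchecked write of a 16-bit value into a five-byte field is safe only because 65535 has five digits, which the code checks over every input, along with how the bound moves if the type is widened.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define U16_DIGITS 5   /* 65535 is the longest 16-bit value: five digits */

/* Writes the decimal digits of u at s with no length check and no NUL.
 * Returns the number of bytes written. */
static unsigned int fmt_u16(char *s, uint16_t u)
{
    unsigned int len = 1;
    uint16_t q = u;

    while (q > 9) { ++len; q /= 10; }          /* count digits first */
    s += len;
    do { *--s = (char)('0' + u % 10); u /= 10; } while (u);
    return len;
}

/* Runs fmt_u16 on all 65536 inputs into an oversized, guard-filled buffer.
 * Returns the longest output seen, or 0 if any byte past the five-byte
 * field was modified. */
static unsigned int max_u16_len(void)
{
    unsigned int max = 0;
    uint32_t v;

    for (v = 0; v <= UINT16_MAX; ++v) {
        char buf[24];
        unsigned int n, i;
        memset(buf, '#', sizeof buf);
        n = fmt_u16(buf, (uint16_t)v);
        for (i = U16_DIGITS; i < sizeof buf; ++i)
            if (buf[i] != '#') return 0;
        if (n > max) max = n;
    }
    return max;
}

/* Field size an unchecked formatter needs for a type whose largest value
 * is max. This is the number to recheck whenever the type changes. */
static unsigned int digits_for_max(uint64_t max)
{
    unsigned int len = 1;
    while (max > 9) { ++len; max /= 10; }
    return len;
}

int main(void)
{
    printf("longest 16-bit output: %u\n", max_u16_len());
    printf("32-bit needs %u, 64-bit needs %u\n",
           digits_for_max(UINT32_MAX), digits_for_max(UINT64_MAX));
    return 0;
}
```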