by ornxka 1877 days ago
>Postfix is written in C, and none of us should be comfortable with that

qmail is written in C, and it has never had a serious security hole that I am aware of. Not all C code is unsafe.

2 comments

64-bit qmail was remotely exploitable. The author believes a small address space (below 4 GB) was an adequate mitigation, but the code was confused and trying to do something unsafe.

https://lwn.net/Articles/820969/

One thing you can say for both Postfix and qmail is that they're written to avoid the problems of the C standard library. Exim is not.