Hacker News new | ask | show | jobs
by daneel_w 1031 days ago
Does anyone know how qmail has fared since this PDF was written in 2007? Did it make it to 2023 without any bugs surfacing?
2 comments
troutwine 1031 days ago
It didn't make the transition to 64 bits worth of memory with the record intact. https://lwn.net/Articles/820969/ Although the CVE _is_ from 2005 so perhaps it doesn't count.
link
literalAardvark 1031 days ago
I mean... I'd say expecting a program written for a 32 bit OS to just work on 64 is excessive. And the fix is just to add mildly sane memory limits to the processes, which is an OS level task, thus, not necessarily a bug.

Not that the whole thing was very well handled.

link
troutwine 1031 days ago
I would argue that the fix is for the software to refuse to function if it can detect that it's in an environment where it won't function safely, to fail-closed rather than fail-open.
link
literalAardvark 1027 days ago
Fair enough, that's a good idea.
link
commandersaki 1031 days ago
https://lwn.net/Articles/820969/
link
emailsysadmin 1031 days ago
no one in their right mind keeps qmail-verify active for many reasons.
link