update

Jimmy Hess mysidia at gmail.com
Sun Sep 28 02:48:34 UTC 2014


On Sat, Sep 27, 2014 at 8:10 PM, Jay Ashworth <jra at baylink.com> wrote:
> I haven't an example case, but it is theoretically possible.

Qmail-smtpd  has a buffer overflow vulnerability related to integer
overflow which can only be reached when compiled on a 64-bit platform.
x86_64  did not exist when the code was originally written.

If memory serves,  the author never acknowledged the vulnerability and
declined to pay bounty or fix the bug stating   that nobody allows
gigabytes of RAM per smtp process.

However.... you see, there you have a lingering bug that can be
exposed under the right environment....   (Year 2030...  computers
have Petabytes of RAM...  why would you seriously limit any one
process to less than a terabyte....?)

-> http://www.guninski.com/where_do_you_want_billg_to_go_today_4.html

> Cheers,
> -- jra
--
-JH


More information about the NANOG mailing list