mysidia at gmail.com
Sun Sep 28 02:48:34 UTC 2014
On Sat, Sep 27, 2014 at 8:10 PM, Jay Ashworth <jra at baylink.com> wrote:
> I haven't an example case, but it is theoretically possible.
Qmail-smtpd has a buffer overflow vulnerability related to integer
overflow which can only be reached when compiled on a 64-bit platform.
x86_64 did not exist when the code was originally written.
If memory serves, the author never acknowledged the vulnerability and
declined to pay bounty or fix the bug stating that nobody allows
gigabytes of RAM per smtp process.
However.... you see, there you have a lingering bug that can be
exposed under the right environment.... (Year 2030... computers
have Petabytes of RAM... why would you seriously limit any one
process to less than a terabyte....?)
> -- jra
More information about the NANOG