From owner-freebsd-current Thu Nov 5 15:47:21 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA21051 for freebsd-current-outgoing; Thu, 5 Nov 1998 15:47:21 -0800 (PST) (envelope-from owner-freebsd-current@FreeBSD.ORG) Received: from gina.swimsuit.internet.dk (mail.swimsuit.internet.dk [194.255.12.232]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA21029 for ; Thu, 5 Nov 1998 15:47:13 -0800 (PST) (envelope-from leifn@swimsuit.internet.dk) Received: from localhost (localhost.swimsuit.internet.dk [127.0.0.1]) by gina.swimsuit.internet.dk (8.9.1a/8.9.1) with ESMTP id AAA06705; Fri, 6 Nov 1998 00:46:43 +0100 (CET) (envelope-from leifn@swimsuit.internet.dk) Date: Fri, 6 Nov 1998 00:46:42 +0100 (CET) From: Leif Neland To: jack cc: freebsd-current@FreeBSD.ORG Subject: Re: sendmail.8.9.1a patch In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Thu, 5 Nov 1998, jack wrote: > On Thu, 5 Nov 1998, Leif Neland wrote: > > > Could somebody please apply the sendmail-8.9.1a patch to > > /usr/src/contrib/sendmail? > > Let's hope not, at least not as the default. From > sendmail.8.9.1a.patch.README > > Introduction > > [snip] > It is important to note that sendmail itself is not > vulnerable to these attacks. > [snip] > > Tradeoffs > > As this patch requires scanning the body of the message for > MIME indicators, there will be a performance penalty to run > this code. > But it doesn't hurt to compile it in (it will probably be in 8.9.2 anyway). If you dont put the LOCAL_CONFIG O MaxMimeHeaderLength=256/128 in sendmail.mc, it will not be used, anf performance shouldn't be hurt. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message