On 12/12/18 1:13 PM, Rick Moen wrote:
> Quoting Lars Nood??n via Dng (dng@???):
>
>> It's probably a time that Procmail be retired, and thus anything based
>> on it. There have been a lot of reports in recent years of serious,
>> unsafe bugs in its processing. However, there is this comment about it
>> from a former Procmail maintainer to consider:
>>
>> https://marc.info/?l=openbsd-ports&m=141634350915839&w=2
>
> Upon examination, it turns out that the known flaws in Procmail lack any
> credible exploitation scenario. The matter was covered on LWN.net a few
> years ago, and I'm pretty sure nothing has changed substantively.
>
> (I've gone through this discussion several times since then on mailing
> lists, and can dredge up details from those if necessary.)
I found only this one on LWN:
"Reports of procmail's death are not terribly exaggerated"
https://lwn.net/Articles/416901/
I liked Procmail back when I was using it, but that was a long time ago.
Neither now nor then could I look under the hood so I defer to others
on that.
/Lars