Some thoughts on security after ten years of qmail 1.0

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2007, Pages 1-10

  Bernstein, Daniel J ^a  

^a UNIVERSITY OF ILLINOIS AT CHICAGO   (United States)

Author keywords

Eliminating bugs; Eliminating code; Eliminating trusted code

Indexed keywords

ELIMINATING BUG; ELIMINATING CODE; ELIMINATING TRUSTED CODE; INTERNET MAIL; MAIL TRANSFER AGENTS; SECURE PROGRAMMING;

SOFTWARE AGENTS;

EID: 79959561018     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1314466.1314467     Document Type: Conference Paper

References (24)

1. Anurag Acharya, Mandar Raje, M A Pbox: using parameterized behavior classes to confine untrusted applications, 9th USENIX Security Symposium (2000). URL: http://www.usenix.org/publications/library/proceedings/sec2000/acharya. html. Citations in this document: §2.5.
2. Vinod Anupam, Alain Mayer, Security of web browser scripting languages: vulnerabilities, attacks, and remedies, 7th USENIX Security Symposium (1998). URL: http://www.usenix.org/publications/library/proceedings/sec98/anupam.html. Citations in this document: §2.5.
3. M. Lee Badger, Daniel F. Sterne, David L. Sherman, Kenneth M. Walker, Sheila A. Haghighat, A domain and type enforcement UNIX prototype, 5th USENIX Security Symposium (1995). URL: http://www.usenix.org/events/security95/badger. html. Citations in this document: §2.5.
4. Daniel J. Bernstein, Internet host SMTP server survey, posting to comp.security.unix, comp.mail.misc, comp.mail.sendmail (1996). URL: http://cr.yp.to/surveys/smtpsoftware.txt. Citations in this document: §1.1.
5. Daniel J. Bernstein, Re: Logging question (1996). URL: http://www.ornl.gov/lists/mailing-lists/qmail/1996/12/msg00314.html. Citations in this document: §3.3.
6. Daniel J. Bernstein, Curve25519: new Diffie-Hellman speed records, in [24] (2006), 207-228. URL: cr.yp.to/papers.html#curve25519. Citations in this document: §2.6.
7. Richard Blum, Running qmail, Sams Publishing, 2000. ISBN 978-0672319457. Citations in this document: §1.2.
8. Computer Emergency Response Team, CERT advisory CA-2002-19: buffer overflows in multiple DNS resolver libraries (2002). URL: http://www.cert.org/ advisories/CA-2002-19.html. Citations in this document: §2.5.
9. Edsger W. Dijkstra, Introducing a course on mathematical methodology, EWD962 (1986). URL: http://www.cs.utexas.edu/users/EWD/ewd09xx/EWD962.PDF. Citations in this document: §4.
10. Jeff Gennari, Vulnerability Note VU#834865: Sendmail contains a race condition (2006). URL: http://www.kb.cert.org/vuls/id/834865. Citations in this document: §1.1.
11. Ian Goldberg, David Wagner, Randi Thomas, Eric Brewer, A secure environment for untrusted helper applications (confining the wily hacker), 6th USENIX Security Symposium (1996). URL: http://www.usenix.org/publications/ library/proceedings/sec96/goldberg.html. Citations in this document: §2.5, §2.5, §2.5, §2.5.
12. Internet Security Systems, Remote Sendmail header processing vulnerability (2003). URL: http://www.iss.net/issEn/delivery/xforce/alertdetail. jsp?oid=21950. Citations in this document: §2.3.
13. Donald Knuth, Structured programming with go to statements, Computing Surveys 6 (1974), 261-301. Citations in this document: §2.6.
14. John R. Levine, qmail, O'Reilly, 2004. ISBN 978-1565926288. Citations in this document: §1.2.
15. Nimisha V. Mehta, Karen R. Sollins, Expanding and extending the security features of Java, 7th USENIX Security Symposium (1998). URL: http://www.usenix.org/publications/library/proceedings/sec98/mehta.html. Citations in this document: §2.5.
16. David S. Peterson, Matt Bishop, Raju Pandey, A flexible containment mechanism for executing untrusted code, 11th USENIX Security Symposium (2002). URL: http://www.usenix.org/events/sec02/peterson.html. Citations in this document: §2.5.
17. Eric Raymond, The cathedral and the bazaar (1997). URL: http://www.catb.org/~esr/writings/cathedral-bazaar/cathedral-bazaar/. Citations in this document: §2.1.
18. Jerry H. Saltzer, Mike D. Schroeder, The protection of information in computer systems, Proceedings of the IEEE 63 (1975), 1278-1308. Citations in this document: §2.5.
19. Umesh Shankar, Kunal Talwar, Jeffrey S. Foster, David Wagner, Detecting format string vulnerabilities with type qualifiers, 10th USENIX Security Symposium (2001). URL: http://www.usenix.org/publications/library/proceedings/ sec01/shankar.html. Citations in this document: §3.3.
20. Dave Sill, The qmail handbook, Apress, 2002. ISBN 978-1893115408. Citations in this document: §1.2.
21. Kenneth M. Walker, Daniel F. Sterne, M. Lee Badger, Michael J. Petkac, David L. Sherman, Karen A. Oostendorp, Confining root programs with domain and type enforcement, 6th USENIX Security Symposium (1996). URL: http://www.usenix.org/events/sec96/walker.html. Citations in this document: §2.5.
22. Kyle Wheeler, Qmail quickstarter: install, set up and run your own email server, Packt Publishing, 2007. ISBN 978-1847191151. Citations in this document: §1.2.
23. Chris Wright, Crispin Cowan, Stephen Smalley, James Morris, Greg Kroah-Hartman, Linux security modules: general security support for the Linux kernel, 11th USENIX Security Symposium (2002). URL: http://www.usenix.org/ events/sec02/wright.html. Citations in this document: §2.5.
24. Moti Yung, Yevgeniy Dodis, Aggelos Kiayias, Tal Malkin (editors), 9th international conference on theory and practice in public-key cryptography, New York, NY, USA, April 24-26, 2006, proceedings, Lecture Notes in Computer Science, 3958, Springer, Berlin, 2006. ISBN 978-3-540-33851-2. See [6].