Wednesday, January 20, 2010

New MaraDNS snapshot

Since some freetard thinks a "security report" which they can send me in private email is a report of a segfault, without doing any due diligence whatsoever to see if the issue in question can be exploited, I have updated my mailme.php to point out it's not a security report unless you have "done due diligence to determine how the security bug you think you found can reasonably be exploited".

I have replied to this twit with my "pay me for support or I'll forward your email to the list" form reply, but have also fixed the segfault in question. This is a segfault; it's not a security problem because a NULL pointer dereference can only be exploited in the kernel, not in userland (where the kernel promptly terminates the process). The fix can be downloaded here:

http://maradns.org/download/1.4/snap/201001

I wonder what idiotic excuse freetards will use to email me asking me for support next. Having the "I'll make your email public if you reply" note at least stops them from replying to my "pay me for support or take it to the list" form reply with some idiotic "But I'm entitled to free support!" reply.

And, yes, I have no problem with people sending me these kinds of reports to the mailing list.