From owner-freebsd-security Thu Jan 16 05:36:26 1997
Return-Path:
Received: (from root@localhost)
    by freefall.freebsd.org (8.8.4/8.8.4) id FAA21425
    for security-outgoing; Thu, 16 Jan 1997 05:36:26 -0800 (PST)
Received: from foobar.gw2kbbs.com (foobar.gw2kbbs.com [205.217.137.150])
    by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id FAA21407
    for ; Thu, 16 Jan 1997 05:36:23 -0800 (PST)
Received: from blue ([10.12.5.66])
    by foobar.gw2kbbs.com (8.7.5/8.6.11) with SMTP id HAA11286
    for ; Thu, 16 Jan 1997 07:09:14 -0600 (CST)
Message-ID: <32DE16C4.35A3@gw2kbbs.com>
Date: Thu, 16 Jan 1997 06:53:40 -0500
From: Tyson
Reply-To: tysonb@gw2kbbs.com
X-Mailer: Mozilla 2.02E (OS/2; I)
MIME-Version: 1.0
To: security@freebsd.org
Subject: Re: sendmail running non-root SUCCESS!
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Sean J. Schluntz wrote:
> Just to stick my nose in on this one for a moment. I would in the past, now,
> and will continue to vote for sendmail. Just because another program is
> newer does not mean that it is any easier to crack, it just means that the

Nothing in life is certain; a newer tool may have had extremely talented people with a gift for secure code, and massive luck on their side. I wish I could say for certain that something WILL work. I can only tell you in terms of the relative probability. :(

> holes have not been discovered yet. sendmail is not my favorite to work on,
> but I will never trade it for anything else.

Before we get all crazy here (poems extolling the virtues of sendmail, flames, & etc.), here is my $.02 worth;

All you're talking about here is a tool. Plain and simple. I don't think I'll ever fall in love with a hammer, but when I need to pound a nail, I look for it (usually at the last place I used it... ;-) ). There are other tools, some better suited to the job at hand, some that miss the mark in some way. New tools come along every day. The fact remains, that when I need a hammer, I'll come looking for one or something that passes for one. When I need a screwdriver, I'll look for a screwdriver. When I need a tool to keep my network safe, I'll subscribe to the appropriate mailing list.

A value judgement on a tool in this list devalues this list as a tool; we're adults here, and the assumption that you know what you're doing is a critical first step in finding a solution for whatever issue you're facing at the moment.

To sum up, let's keep the discussion on track.