From owner-freebsd-security  Sun Jan 26 14:42:49 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id OAA29389
          for security-outgoing; Sun, 26 Jan 1997 14:42:49 -0800 (PST)
Received: from www.trifecta.com (www.trifecta.com [206.245.150.3])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id OAA29379
          for <freebsd-security@freebsd.org>; Sun, 26 Jan 1997 14:42:43 -0800 (PST)
Received: (from dev@localhost) by www.trifecta.com (8.7.5/8.6.12) id RAA20529; Sun, 26 Jan 1997 17:45:28 -0500 (EST)
Date: Sun, 26 Jan 1997 17:45:28 -0500 (EST)
From: Dev Chanchani <dev@trifecta.com>
To: Stephen Fisher <lithium@cia-g.com>
cc: "Sean J. Schluntz" <schluntz@pinpt.com>, freebsd-security@freebsd.org,
        Ollivier Robert <roberto@keltia.freenix.fr>
Subject: Re: sendmail running non-root SUCCESS! 
In-Reply-To: <Pine.BSI.3.95.970118183715.21074C-100000@maslow.cia-g.com>
Message-ID: <Pine.BSF.3.91.970126174158.20505B-100000@www.trifecta.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Sat, 18 Jan 1997, Stephen Fisher wrote:

> 
> I would like to use a mailer which I feel is better designed and
> programmed (security wise) but.... Since everyone uses Sendmail and
> everyone is hacking away at it I feel I'm pretty safe.  Security problems
> are fixed quickly and without problems.  And it's assumed you're using
> sendmail: when people work on "anti-spam" things they have sendmail
> rulesets to do it.
> 
> Write a new mailer that has the power and functionality of Sendmail
> without the problems and uses sendmail.cf's format and I'll use it.

A powerful and functional, yet secure mailer seem to be way too much of 
an oxymoron these days.

Until programmers learn the intricacies of unix multi-user program (a la stack overflows, race 
condtions, unvalidated user input, etc.) there will be security holes in 
complex programs like sendmail.

In the meantime, you need to evaluate your security needs. Do you wish to 
prioritize security and run something like qmail or smap, smapd and 
sendmail not running as root.. Or is your priority functionality, in 
which case you may have to run sendmail.

BTW: Does anyone know if you can use sendmail-like rewriting rules that 
allow you to accept mail for various virtual domains with qmail?

	--Dev