Date: Sun, 26 Jan 1997 17:45:28 -0500 (EST)
From: Dev Chanchani <dev@trifecta.com>
To: Stephen Fisher <lithium@cia-g.com>
Cc: "Sean J. Schluntz" <schluntz@pinpt.com>, freebsd-security@freebsd.org, Ollivier Robert <roberto@keltia.freenix.fr>
Subject: Re: sendmail running non-root SUCCESS!
Message-ID: <Pine.BSF.3.91.970126174158.20505B-100000@www.trifecta.com>
In-Reply-To: <Pine.BSI.3.95.970118183715.21074C-100000@maslow.cia-g.com>
On Sat, 18 Jan 1997, Stephen Fisher wrote:

>
> I would like to use a mailer which I feel is better designed and
> programmed (security wise) but.... Since everyone uses Sendmail and
> everyone is hacking away at it I feel I'm pretty safe. Security problems
> are fixed quickly and without problems. And it's assumed you're using
> sendmail: when people work on "anti-spam" things they have sendmail
> rulesets to do it.
>
> Write a new mailer that has the power and functionality of Sendmail
> without the problems and uses sendmail.cf's format and I'll use it.

A powerful and functional, yet secure mailer seems to be way too much of an
oxymoron these days. Until programmers learn the intricacies of unix
multi-user programming (a la stack overflows, race conditions, unvalidated
user input, etc.) there will be security holes in complex programs like
sendmail.

In the meantime, you need to evaluate your security needs. Do you wish to
prioritize security and run something like qmail or smap, smapd and
sendmail not running as root? Or is your priority functionality, in which
case you may have to run sendmail.

BTW: Does anyone know if you can use sendmail-like rewriting rules that
allow you to accept mail for various virtual domains with qmail?

--Dev