From owner-freebsd-hackers Sun Nov 24 16:35:19 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id QAA23005 for hackers-outgoing; Sun, 24 Nov 1996 16:35:19 -0800 (PST) Received: from ami.tom.computerworks.net (AMI.RES.CMU.EDU [128.2.95.1]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id QAA22992 for ; Sun, 24 Nov 1996 16:35:08 -0800 (PST) Received: from bonkers.taronga.com by ami.tom.computerworks.net with smtp (Smail3.1.29.1 #3) id m0vRp0r-0021WNC; Sun, 24 Nov 96 19:35 EST Received: (from peter@localhost) by bonkers.taronga.com (8.6.11/8.6.9) id SAA08169 for hackers@freebsd.org; Sun, 24 Nov 1996 18:41:54 -0600 From: peter@taronga.com (Peter da Silva) Message-Id: <199611250041.SAA08169@bonkers.taronga.com> Subject: Re: Replacing sendmail (Re: non-root users binding to ports < 1024 (was: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2 To: hackers@freebsd.org Date: Sun, 24 Nov 1996 18:41:53 -0600 (CST) In-Reply-To: <199611250006.KAA25958@genesis.atrad.adelaide.edu.au> from "Michael Smith" at Nov 25, 96 10:36:57 am X-Mailer: ELM [version 2.4 PL24] Content-Type: text Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > "Sendmail is the de-facto Unix standard mail delivery agent. Is is > continually subjected to rigorous security scrutiny and frequently > updated. Don't make me laugh. It has more security holes revealed per year than every other setuid program in UNIX put together. > - expose a pile of security holes that the Qmail developer(s) never > thought existed. Have you looked at qmail? The bits exposed to the outside world don't even run as root. EVER. > - make FreeBSD the laughing stock of the unix community. The part of the UNIX community that doesn't care about security, anyway.