From owner-freebsd-security  Mon Nov 18 08:07:05 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id IAA24036
          for security-outgoing; Mon, 18 Nov 1996 08:07:05 -0800 (PST)
Received: from fps.biblos.unal.edu.co ([168.176.37.11])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id IAA24024
          for <freebsd-security@freebsd.org>; Mon, 18 Nov 1996 08:06:42 -0800 (PST)
From: pgiffuni@fps.biblos.unal.edu.co
Received: from localhost by fps.biblos.unal.edu.co (AIX 4.1/UCB 5.64/4.03)
          id AA24360; Mon, 18 Nov 1996 11:11:29 -0500
Date: Mon, 18 Nov 1996 11:11:29 -0500 (EST)
To: Marc Slemko <marcs@znep.com>
Cc: Warner Losh <imp@village.org>, Mark Newton <newton@communica.com.au>,
        freebsd-security@freebsd.org
Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). 
In-Reply-To: <Pine.BSF.3.95.961117221653.223D-100000@alive.ampr.ab.ca>
Message-Id: <Pine.A41.3.95.961118110342.22356D-100000@fps.biblos.unal.edu.co>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Sun, 17 Nov 1996, Marc Slemko wrote:

> 
> This would be implemented with either one big program or, more likely,
> a bunch of little programs with a consistent pretty (ie. sysinstall
> like, although libdialog is ugly) interface and a parent program that
> lets you run any of them.  Perhaps some day I will get around to
> trying to make such a program.
> 
AIX has a nice program (probably just a script) called securetcpip. You
run it once and it closes tftp, rlogin, and a bunch of services. The
disavantage is that you if you run it you`ll probably have to reinstall to
open one of the "unsecure" services. Probably it`s a complement to a C2
security package.
For the time being the logical choice is to correctly configure the newest
sendmail, port other mailers and pray !

Pedro