Date: Wed, 14 May 1997 10:14:35 -0600 (MDT) From: Nate Williams <nate@mt.sri.com> To: "Jordan K. Hubbard" <jkh@time.cdrom.com> Cc: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch), current@freebsd.org Subject: Re: RELENG_2_2 Message-ID: <199705141614.KAA27066@rocky.mt.sri.com> In-Reply-To: <16305.863622432@time.cdrom.com> References: <19970514111926.DF34579@uriah.heep.sax.de> <16305.863622432@time.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > popper is _way_ smaller, basically intelligible, does not provide the > > usual dangerous interfaces of MUAs (like spawning shells etc.). I can > > live with 10 poppers being setuid root, if this saves me from an MUA > > being set[ug]id at all. > > Heh. Small it may be, but you still only need the very smallest > security hole in a suid root program to give a cracker a very LARGE > degree of access to your system. :-) I think my point still stands, > and since nobody seems to be doing much in the way of hacking popper > to even fix its current degree of root dependence, small as it may be, > I'd say it's still obviously large enough to deter such work. Umm, given that popper is continually being developed by Qualcomm, I suspect that any security bugs in it are being fixed or addressed. However, dtmail is too complex to understand, let alone fix. Joerg's point is right on the money, and given our current situation popper 'rootness' is a *requirment* for having a secure mail system. > Seriously, this is not about me adding gratuitous features just for > the fun of calling down the email equivalent of lightning on my head - > I don't need that any more than the next guy - I'm simply trying to > implement what I feel is the far greater and more important strategy > of getting commercial software vendors to play ball with us, and by > doing so I've both accomodated CDE and sent the strong message to > other ISVs that we're willing to make concensions when necessary. Am > I truly the only one to see the importance of this? ;-) Making us work with vendors is *less* important than opening FreeBSD up for security holes. Go re-read all of the arguements for/against the proposed change, and the *only* arguement for it is to make dtmail work. Otherwise, there is no good reason for it, and many good reasons to not do it. Now you're just being silly and ignoring the fact that you've changed (and probably broken) the way mail is handled in stock FreeBSD if people don't have dtmail. For a single-user workstation like yours, it's not an issue. But for a multi-user (ie; ISP) site it's not acceptable. Nate
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199705141614.KAA27066>