From owner-freebsd-hackers Mon Nov 25 14:12:16 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id OAA13705 for hackers-outgoing; Mon, 25 Nov 1996 14:12:16 -0800 (PST) Received: from sdev.usn.blaze.net.au (sdev.usn.blaze.net.au [203.17.53.19]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id OAA13644 for ; Mon, 25 Nov 1996 14:12:05 -0800 (PST) Received: (from davidn@localhost) by sdev.usn.blaze.net.au (8.8.2/8.6.9) id JAA17141; Tue, 26 Nov 1996 09:11:45 +1100 (EST) Message-ID: Date: Tue, 26 Nov 1996 09:11:45 +1100 From: davidn@sdev.usn.blaze.net.au (David Nugent) To: msmith@atrad.adelaide.edu.au (Michael Smith) Cc: hackers@FreeBSD.ORG Subject: Re: Replacing sendmail (Re: non-root users binding to ports < 1024 (was: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2 References: <4572.848895649@time.cdrom.com> <199611250434.PAA27300@genesis.atrad.adelaide.edu.au> X-Mailer: Mutt 0.50 Mime-Version: 1.0 In-Reply-To: <199611250434.PAA27300@genesis.atrad.adelaide.edu.au>; from Michael Smith on Nov 25, 1996 15:04:54 +1030 Sender: owner-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Michael Smith writes: > I'd also appreciate input from anyone that can see a problem with having > sendmail lying around but not running; if it's thought that this is still > a security risk, then there should be a comment in the handbook section > on mailer security suggesting that it be disabled (nuked, re-moded, etc.). Most mailers that are intended to replace sendmail's functionality also replace the sendmail binary in /usr/sbin with a front-end that does much the same, or at least a symbolic link that points to the 'real' front-end. There's a good deal of sendmail dependancy out there in MUAs. David Nugent, Unique Computing Pty Ltd - Melbourne, Australia Voice +61-3-9791-9547 Data/BBS +61-3-9792-3507 3:632/348@fidonet davidn@blaze.net.au http://www.blaze.net.au/~davidn