[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: exim the standard MTA for slink?

>>"Mark" == Mark W Eichin <eichin@thok.org> writes:

 Mark> Hah.  It has been ten years, just about to the day, since the Morris
 Mark> Worm hit thousands of machines (when the net only *had* 60,000
 Mark> machines!) and one of the primary vectors it used was a *deliberately
 Mark> introduced* sendmail security hole (the DEBUG "feature" was
 Mark> specifically intended to allow the author to update the sendmail
 Mark> binary on a machine he didn't have root access to.)  Some of us, at
 Mark> least, have no plans to ever trust sendmail again...

	Those were kinder, gentler, times. We allowed mail
 relaying. We allowed guest accounts. We allowed people to bounce off
 our dial in lines (instead of connecting to the local machine, you
 could say telnet prep.ai.mit.edu (or what have you) and go off there,
 using our modem pool.

	We had no filters on our mail. We encouraged Incoming ftp and
 gopher directoriies that were had read/write priviledges. 

	In the context of the times, sendmail was not unusual. Do not
 damn sendmail for conforming to the model of trust that was the
 internet in those days.

 Learn to pause -- or nothing worthwhile can catch up to you.
Manoj Srivastava  <srivasta@acm.org> <http://www.datasync.com/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E

Reply to: