On Tue, Apr 03, 2001 at 11:27:15PM -0400, Richard A Nelson wrote: > I'm considering a change in the sendmail package to increase security - > this change may also windup being the default in later sendmail > distributions. [...] > I'm implimenting this on my boxen for testing, and would welcome other > ideas, questions & complaints (again, pissing contests will be deleted > post haste). I'm against this. I really wish people would stop installing NAT/firewalls/wrappers/jails/etc, which are merely kludges, and would start fixing the real problem. Yes, sendmail is known for the security issues it had. If you think it still has security issues making it unsafe to run as root, then why not fix those issues? That would be better than still having issues but merely obscured by some tricks. sm-mta would still have root privileges, thereby still allowing someone to exploit the alledged security issues. sm-msp would only be limitted to destroying your entire mailqueue. IMO, I think you should keep sendmail as it is, and those who really want this kind of protection have a choice of other mailers to choose from. ------------------------------------------- Met vriendelijke groet / with kind regards, Guus Sliepen <guus@sliepen.warande.net> ------------------------------------------- See also: http://tinc.nl.linux.org/ http://www.kernelbench.org/ -------------------------------------------
Attachment:
pgpH4Nso6rvgE.pgp
Description: PGP signature