On Tue, Apr 03, 2001 at 11:27:15PM -0400, Richard A Nelson wrote:
> I'm considering a change in the sendmail package to increase security -
> this change may also windup being the default in later sendmail
> distributions.
[...]
> I'm implimenting this on my boxen for testing, and would welcome other
> ideas, questions & complaints (again, pissing contests will be deleted
> post haste).
I'm against this. I really wish people would stop installing
NAT/firewalls/wrappers/jails/etc, which are merely kludges, and would start
fixing the real problem.
Yes, sendmail is known for the security issues it had. If you think it still
has security issues making it unsafe to run as root, then why not fix those
issues? That would be better than still having issues but merely obscured by
some tricks. sm-mta would still have root privileges, thereby still allowing
someone to exploit the alledged security issues. sm-msp would only be limitted
to destroying your entire mailqueue.
IMO, I think you should keep sendmail as it is, and those who really want this
kind of protection have a choice of other mailers to choose from.
-------------------------------------------
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@sliepen.warande.net>
-------------------------------------------
See also: http://tinc.nl.linux.org/
http://www.kernelbench.org/
-------------------------------------------
Attachment:
pgpH4Nso6rvgE.pgp
Description: PGP signature