> We hear about sendmail's lack of reliability but I am not aware of any > security problems since version 8.8.5, that's 4 releases ago. If you're > going to discount software because it had bugs in a previous release then > you'd have to pass on 99% of the firewall technology available today. This logic was employed at Sendmail version 8.7.5, which, if you'll recall, withstood public scrutiny for quite some time (longer, I think, than the 4 releases we've seen --- you can verify this pretty easily). Following 8.7.5 was an onslaught of security bugs, including blatantly obvious issues (like the SIGHUP handler that actually executed argv[0]). The odds are that we will find more Sendmail bugs, not because Sendmail is software written by a human being, but because Sendmail has a poor design (from a security perspective) which makes the possibility and scope of new security holes large. I realize that we've found bugs in firewall products. Bugs have been found in virtually everything. The question is not whether it's *possible* that we will find an exploitable problem in a given computing component, but whether it is *likely* that we will. From this, we can gauge whether the rewards of deploying something outweigh the risks. I submit that it is likely that we will find bugs in switches, because switches are performance-enhancing devices that are not (AFAIK) designed with security as a priority. I submit it is unlikely that we will find a bug (easily) in any given application gateway firewall. ----------------------------------------------------------------------------- Thomas H. Ptacek Secure Networks, Inc. ----------------------------------------------------------------------------- http://www.enteract.com/~tqbf "If you're so special, why aren't you dead?"
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:56:48 PDT