<quote who="Frank Knobbe">

> On Tue, 2003-07-15 at 18:14, Roberto Cardona wrote:
>> Is the patch needed if the implementation of the auth module is correct? I
>> checked and my conf files for qmail are setup correctly so I wonder if
>> it's worth applying the patch. Thank you.
>
> From what I understand, the patch just ensures that the system is not
> vulnerable if you accidentally do not set it up correctly. I haven't
> looked at the code, but according to the description, it checks for the
> presence of all three command line arguments, and refuses to relay if
> one is missing.
>
> In other words, it's not a patch per se (i.e. to get rid of a bug), but
> an added safety precaution. If you are confident, that you won't
> misconfigure it by mistake, you don't need to apply the patch. Your
> risk, your choice.
>

In addition to what you just said and what I posted previously, Uwe Ohse and others have pointed out that this patch is inappropriate in that it checks things which should NOT be checked and it acts as if there is only one way to start qmail-smtp.

As a result I would not recommend that this patch be applied in any situation as the system administrator should just be doing his/her job and ensuring that it is configured correctly and securely.

-davidu

----------------------------------------------------
David A. Ulevitch -- http://david.ulevitch.com
http://everydns.net -+- http://communitycolo.net
Campus Box 6957 + Washington University in St. Louis
----------------------------------------------------

This archive was generated by hypermail 2b30 : Wed Jul 16 2003 - 21:55:46 PDT