To clarify my comments a bit... I agree sendmail has a larger TCB, so if there's going to be a problem it's going to be more likely to have dire consequences. I was just trying to point out that the mere fact that sendmail wasn't designed for security doesn't mean that sendmail shouldn't be instantly considered insecure. I do believe that postfix and qmail are both less risky to run, ultimately (and I have not run sendmail in years). I think in rereading my mail, what I was trying to say didn't really come through. John > Well, I think that's a bit unfair. Dan is certainly as careful as one > can expect a programmer to be, but that doesn't mean he is flawless. > Also, I think that shrifts the recent state of sendmail a bit, which > has had a huge auditing effort, etc. Yes, sendmail is large and that > makes it harder to secure. But if you're a subscriber to the > many-eyeballs theory, you can bet it's had a LOT more eyes than qmail, > and how does that impact things? > > When it comes to new-ish problems like format strings and some of the > more esoteric signal handling problems, I don't think it's very fair > to make any judgements based on that. If people weren't aware of a > problem, how could they design around it? I think these problems > could just as easily have happened to qmail. > > > I'm curious how many of the 'sendmail-isms' are supported by postfix. > > Everything except the big configuration file, IIRC (I don't pay too > much attention to the state of MTAs). Same aliases, and I think the > same virtual user stuff, etc. > > John
This archive was generated by hypermail 2b30 : Sun Jun 24 2001 - 10:40:01 PDT