Re: Secure popen

From: John Viega (viegaat_private)
Date: Fri Jun 22 2001 - 10:45:12 PDT

    To clarify my comments a bit...
    
    I agree sendmail has a larger TCB, so if there's going to be a problem
    it's going to be more likely to have dire consequences.  I was just
    trying to point out that the mere fact that sendmail wasn't designed
    for security doesn't mean that sendmail shouldn't be instantly
    considered insecure.  I do believe that postfix and qmail are both
    less risky to run, ultimately (and I have not run sendmail in years). 
    
    I think in rereading my mail, what I was trying to say didn't really
    come through.
    
    John
    
    > Well, I think that's a bit unfair.  Dan is certainly as careful as one
    > can expect a programmer to be, but that doesn't mean he is flawless.
    > Also, I think that shrifts the recent state of sendmail a bit, which
    > has had a huge auditing effort, etc.  Yes, sendmail is large and that
    > makes it harder to secure.  But if you're a subscriber to the
    > many-eyeballs theory, you can bet it's had a LOT more eyes than qmail,
    > and how does that impact things?  
    > 
    > When it comes to new-ish problems like format strings and some of the
    > more esoteric signal handling problems, I don't think it's very fair
    > to make any judgements based on that.  If people weren't aware of a
    > problem, how could they design around it?  I think these problems
    > could just as easily have happened to qmail.
    > 
    > > I'm curious how many of the 'sendmail-isms' are supported by postfix.
    > 
    > Everything except the big configuration file, IIRC (I don't pay too
    > much attention to the state of MTAs).  Same aliases, and I think the
    > same virtual user stuff, etc.  
    > 
    > John
    