Re: Secure popen

From: Chris Ess (azarinat_private)
Date: Fri Jun 22 2001 - 10:58:42 PDT

  • Next message: Crispin Cowan: "Re: OT: Re: Secure popen"

    > To clarify my comments a bit...
    
    And to clarify mine.
    
    >
    > I agree sendmail has a larger TCB, so if there's going to be a problem
    > it's going to be more likely to have dire consequences.  I was just
    > trying to point out that the mere fact that sendmail wasn't designed
    > for security doesn't mean that sendmail shouldn't be instantly
    > considered insecure.  I do believe that postfix and qmail are both
    > less risky to run, ultimately (and I have not run sendmail in years).
    >
    
    I don't necessarily consider sendmail insecure, but with the
    relatively large number of root-able exploits, I have misgivings over
    running it myself.
    
    However, BIND also has the same problems and I find myself running it
    anyway.  (I definitely stay on top of BIND stuff though.)
    
    Really, sendmail is a very configurable MTA and is very good at what it
    does.  Now, granted, some of the features are useless to many people and
    the configuration file makes badly-written Perl look legible...  But it
    works, and there are many people out there who will swear by it.
    
    When I rebuilt my machine, I was originally going to install sendmail but
    glibc 2.1.3 had an essentially-broken copy of Berkeley db in it. (At least
    it was broken for me.)  And I failed managing to get my machine to
    recognize the copy of Berkeley db 3.x I had compiled first.  (Which was
    dumb of me, admittedly.)  And without db support, I couldn't compile
    either sendmail or postfix.  So I use qmail.
    
    I don't have many issues with qmail, and I feel that qmail when coupled
    with some of the other modules/add-ons for it (such as vpopmail) can
    easily catch up to sendmail's many features... and is easier to configure.
    
    --CAE  Kujikenaikara!
    
    Sub caelo noctis sto quod stellae mihi spem dant.
    
    "Just a whisper.  I hear it in my ghost."
    --Major Matoko Kusanagi, "Ghost in the Shell"
    



    This archive was generated by hypermail 2b30 : Sun Jun 24 2001 - 10:42:01 PDT