Though I have no issue with offering an option other than "sendmail", I
wouldn't want to see "sendmail" go away. We pretty much use the same
"sendmail" configs on all of our heterogeneous systems including Suns
and wouldn't want to have to port "postfix" or something to all of our
non-Linux systems so we can use a common config.

Frankly I'm kind of tired of hearing how bad sendmail is. We've used it
for ages and have had fantastic luck with it. Yes, the source code is
ugly and it is a muddy mess to figure out, but once you do it works
pretty damn well. I also would question whether these other products are
actually more secure or rather just haven't taken the beating yet that
sendmail has. Certainly I would admit that sendmail's code looks like
just the sort of spaghetti that would leave it ripe to have holes.

At any rate, as I said I don't mind if other options are there as well,
but I think sendmail should remain.

                        - Matt

Jean Francois Martinez wrote:
> 
> On Tue, 23 Jan 2001 20:05:41 +0100 (CET), Bernhard Rosenkraenzer said:
> 
> > On Tue, 23 Jan 2001, Albert E. Whale wrote:
> >
> >  > Today I found that several unwanted guests have been able to connect via
> >  > ftp (not any more!).  I also found some mysterious files 'running' on
> >  > the server.  I was able to detect the processes using the monitor
> >  > utility (or top).  However, I was UNABLE to find the processes in the ps
> >  > -ax output??????  I've never seen this before.  Is this a new exploit?
> >
> >  Chances are they replaced your ps with a patched version that doesn't show
> >  their stuff.
> >  Reinstall the procps package. Better yet, reinstall the system. You never
> >  know what else they've done to you.
> >
> 
> Isn't RedHat playing with fire and making us play with fire by using software
> that is either a regular provider of security problems ie wu-ftpd (what is wrong
> with proftpd?) or software  that is _structurally_ unsecure like sendmail?   By
> structurally unsecure I mean big setuid root program.  The more code you have
> running setuid root the greater the chances a bug will have catastrophic
> consequences.   So first step would be to clean up RedHat of a few broken
> programs kept in the name of  tradition.
> 
> I also don't understand why RedHat doesn't use its own excellent lokkit in the
> installation.  You just answer a couple questions, and connections coming from
> the Internet will be denied.   In present state many users don't even know
> about this jewel and in addition since the server install does not install X
> (worth 2 dollars of disk space) it means you don't get it in the server
> install.
> 
> Finally I would like to see better access control through RSBAC and the like in
> Linux.  The omnipotence of root and the fact far too many programs need to run
> as root is a structural security problem in Unix.
> 
>                                                         JFM
> 
> _______________________________________________
> Redhat-devel-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-devel-list

-- 
---------------------------------------------------------------------
Matt Fahrner                                    2 South Park St.
Manager of Networking                           Willis House
Burlington Coat Factory Warehouse               Lebanon, N.H.  03766
TEL: (603) 448-4100 xt 5150                     USA
FAX: (603) 443-6190                             [EMAIL PROTECTED]
---------------------------------------------------------------------
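
The symptom in the quoted exchange (processes visible in top but missing from `ps -ax`) can be checked by comparing the PIDs the kernel lists under /proc with the PIDs ps prints. This is an added example, not part of the original thread; the function names, the `--live` switch and the sample PIDs are constructed for illustration.

```shell
# Cross-view check for a ps binary that omits processes: PIDs present as
# numeric directories under /proc but absent from ps output deserve a look.

# Print the PIDs found as all-numeric directory names under $1 (default /proc).
proc_pids() {
    for d in "${1:-/proc}"/[0-9]*; do
        case "${d##*/}" in *[!0-9]*) continue ;; esac
        if [ -d "$d" ]; then printf '%s\n' "${d##*/}"; fi
    done
}

# Read ps output on stdin and print its PID column, skipping the header line.
ps_pids() {
    awk '$1 ~ /^[0-9]+$/ { print $1 }'
}

# hidden_pids PROC_LIST PS_LIST: print PIDs that appear only in PROC_LIST.
hidden_pids() {
    awk -v psfile="$2" '
        BEGIN { while ((getline p < psfile) > 0) seen[p] = 1 }
        !($1 in seen)
    ' "$1"
}

# Constructed sample: /proc shows four PIDs, the ps output shows only three.
sample_check() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 1 977 1033 2210 > "$tmp/proc"
    ps_pids > "$tmp/ps" <<'EOF'
  PID TTY      STAT   TIME COMMAND
    1 ?        S      0:04 init
  977 ?        S      0:01 sendmail: accepting connections
 2210 pts/0    R      0:00 ps -ax
EOF
    hidden_pids "$tmp/proc" "$tmp/ps"
    rm -rf "$tmp"
}

# Live comparison on the running system. A process that exits between the
# two snapshots is reported too, so repeat the run before drawing conclusions.
live_check() {
    tmp=$(mktemp -d) || return 1
    proc_pids /proc > "$tmp/proc"
    ps -ax | ps_pids > "$tmp/ps"
    hidden_pids "$tmp/proc" "$tmp/ps"
    rm -rf "$tmp"
}

if [ "${1:-}" = "--live" ]; then live_check; else sample_check; fi
```

On a system suspected of compromise, run it with a shell and awk from trusted media, since the same intruder could have replaced those as well.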


