On Tue, Jan 23, 2001 at 09:02:40PM +0100, Jean Francois Martinez wrote:
> Isn't RedHat playing with fire and making us play with fire by using
> software which is either a regular provider of security problems, i.e.
> wu-ftpd (what is wrong with proftpd?) or software which is
> _structurally_ unsecure like sendmail? By structurally unsecure I
> mean big setuid root program. The more code you have running setuid
> root the greater the chances a bug will have catastrophic
> consequences. So first step would be to clean up RedHat of a few
> broken programs kept in the name of tradition

You are actually making two assumptions here:

1) replacing the application will solve the problem
2) it isn't possible, or worthwhile, to fix the problems because
   of problems with the overall architecture of an application

Assumption 1) has been heavily contested by other posters, especially
with regard to proftpd. I second that.
Assumption 2) is common with security folks who like 'clean' solutions
(for obvious, and mostly good reasons). I personally don't regard it
as a really good idea for the long-term, though. Obviously, one reason
is the associated administrative cost which is not to be disregarded
lightly -- many security problems are the result of overworked
administrators and adding to their workload isn't really going to
improve matters.
Additionally, the "don't fix it, replace it" mentality is unhealthy in
the long run. It doesn't encourage good coding practices and it will
split the development workforce. I wonder in what condition sendmail
would be today if all the people who started their own MTA had
contributed to sendmail instead... We're talking about free software,
after all.
Regards
btw, I used qmail in the past and also tried postfix for an extended
period. I always returned to using sendmail -- a lot of the problems
are things of the past and nothing can beat it featurewise. With M4
macros, it's even easy to configure IMHO.
--
Ingo Luetkebohle / [EMAIL PROTECTED] / 95428014
/
| Student of Computational Linguistics & Computer Science;
| Fargonauten.DE sysadmin; Gimp Registry maintainer;
_______________________________________________
Redhat-devel-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-devel-list