On Tue, Mar 11, 2003, Shachar Shemesh wrote about "Re: Insta Party!":
> Oron Peled wrote:
> 
> >It is extremely important, especially with respect to security
> >updates. We don't want to create extra 100 vulnerable sendmails
> >out in the wild now, do we?
> >
> No reason to have a listening sendmail on the installed machines. We 
> install machines that have 0 (zero, nada, zilch, gurnisht, mafish) 
> listening services, and the chances of exploitation drop tremendously.

Indeed, Redhat starting from version 7.1 (if I remember correctly), have
a quite "safe" installation by default, including a sendmail only listening
on localhost and other crap (telnet, ftp, etc.) disabled by default.

But users, especially newbies, might be tempted to turn these on (wow, I
can have a ftp server, web server and mail server on my system connected
through a modem? cool!), so they better not have holes...

> AFAIR licq had vulnerabilities as well, so this does not eliminate the 
> risks totally, but it greatly reduces them.

Yes, there were a number of holes in client programs (even in stuff like
the "file" command...), libraries (openssl), and so on.

By the way, I wonder if it's possible to instead of creating an update CD,
simply replace the updated RPMs on the original Redhat installation CDs...

-- 
Nadav Har'El                        |     Tuesday, Mar 11 2003, 7 Adar II 5763
[EMAIL PROTECTED]             |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |"Mommy! The garbage man is here!" "Well,
http://nadav.harel.org.il           |tell him we don't want any!"- Groucho Marx
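
One way to audit the "nothing listening except on localhost" state discussed in this thread, as an added example that is not part of the original message: it parses the Linux `/proc/net/tcp` table and reports TCP listeners bound to anything other than loopback. The sample table is constructed, and the decoder assumes IPv4 on a little-endian host.

```python
import ipaddress
import struct

TCP_LISTEN = "0A"  # value of the "st" column for a socket in LISTEN state

# Constructed sample in /proc/net/tcp layout: sendmail bound to 127.0.0.1:25,
# an FTP daemon bound to 0.0.0.0:21, and one established outbound session.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1234 1
   1: 00000000:0015 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1235 1
   2: 0A00000A:C350 0B00000A:0050 01 00000000:00000000 00:00000000 00000000   500        0 1236 1
"""


def decode_ipv4(hex_addr):
    """Decode the kernel's hex IPv4 form (host byte order; little-endian assumed)."""
    return ipaddress.IPv4Address(struct.pack("<I", int(hex_addr, 16)))


def listeners(table):
    """Return (address, port) for every socket in LISTEN state."""
    found = []
    for line in table.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        addr_hex, port_hex = fields[1].split(":")
        found.append((decode_ipv4(addr_hex), int(port_hex, 16)))
    return found


def exposed(table):
    """Listeners reachable from outside the machine (not bound to loopback)."""
    return [(str(addr), port) for addr, port in listeners(table)
            if not addr.is_loopback]


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as f:  # live table on a Linux host
            table = f.read()
    except OSError:
        table = SAMPLE  # fall back to the constructed sample
    for addr, port in exposed(table):
        print(f"listening beyond localhost: {addr}:{port}")
```

On the constructed sample only the FTP daemon on 0.0.0.0:21 is reported; the localhost-only sendmail is not.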
