On Wed, Oct 09, 2002 at 11:01:21PM +0100, Ben Laurie wrote: > Bill Stewart wrote: > > Somebody backdoored the source code for Sendmail on the official server. > > So if you recompile from scratch, your sendmail is 0wned. > > Another reason not to run mail systems as root.... > > In this case, as I understand it, it bites when you compile.
Running 'configure' has always made me nervous. Its a little difficult to read for exploit code. > So, its > another reason not to build them as root. "But you're _supposed to_ run rpm -b as root!"-- someone who should know better since I'd just spent an hour explaining what to look for to see if his install of sendmail had gotten him 0wned. Sigh. Eric
