On Tue, Dec 03, 2002 at 08:48:30PM -0600, Les Mikesell <[EMAIL PROTECTED]> wrote:
> >From: "Charlie Brady" <[EMAIL PROTECTED]>
> >
> > > A few years ago a decision to replace sendmail probably made sense
> > > but now, especially with the split between inbound and outbound
> > > queues, none of the old reasons apply.
> >
> > The last security update to sendmail was how long ago? Hmmm, Oct 2002 -
> > not very long, really.
>
> Note that this patch was to smrsh, not sendmail and it stands as
> an example that breaking functionality out into smaller programs
> doesn't automatically make things more secure as some folks
> would have you believe.
Those folks might be made of straw :-) -- they're not Wietse Venema or Dan Bernstein, at least.

Splitting a big monolithic program that runs as root out into a bunch of little programs that all run as root *can't* make things any more secure. Venema and Bernstein (and Theo de Raadt in OpenSSH, recently) take advantage of *privilege separation* to make things more secure. Privilege separation in Postfix and in qmail happens to be implemented as separate programs, but that's an implementation issue -- it's not more secure *because* of the separate programs, but because of the privilege separation the separate programs divide. (Separate programs aren't necessary for privilege separation -- see recent OpenSSH versions for an example.)

While it's true that sendmail implements insufficient privilege separation, the recent problem with smrsh wasn't a sneaky exploit, but simply an out-and-out bug -- smrsh promised to restrict what users can execute, but it didn't. Such is the history of restricted shells. :-)

As for whether or not the old reasons to avoid Sendmail apply, here's *my* reason for using Postfix and qmail on my own systems: their architecture is designed from the start to be resistant to the sort of problems that tend to creep into everybody's code. Assuming that humans will make errors, I'd rather go with the approach that strives to minimize the effect of those errors, rather than betting on whether Wietse, Dan or Eric is more error-prone.
-Rich

-- 
Rich Lafferty, System Administrator, NSSG --- +1 613 592 2122 x2513
perl -e '$x=int(rand(5))+2;$y=int(rand(5))+2;print "P3\n$x $y\n255\n"; print int(rand(128))," " for(1..$x*$y*3);print "\n";'| pnmrotate $[RANDOM%90] |xv -root -max -quit +noresetroot -smooth -

Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
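The privilege-separation pattern Rich describes above (a process that holds root handing untrusted work to a worker that has already given up root, and trusting nothing the worker sends back) as an added Python example; this is not code from the thread nor from Postfix, qmail or OpenSSH. The `MAIL FROM` line format, the `nobody` account, the fallback uid 65534 and the sample inputs are assumptions of the example.

```python
import json
import os
import pwd
import resource

UNPRIV_USER = "nobody"   # assumption: account the worker drops to when started as root
FALLBACK_UID = 65534     # assumption: used only if that account does not exist


def drop_privileges(user=UNPRIV_USER):
    """Irreversibly give up root (if held) and forbid further forks.
    Returns the effective (uid, gid) the worker is left with."""
    if os.geteuid() == 0:
        try:
            pw = pwd.getpwnam(user)
            uid, gid = pw.pw_uid, pw.pw_gid
        except KeyError:
            uid = gid = FALLBACK_UID
        os.setgroups([])
        os.setgid(gid)          # group first: an unprivileged uid cannot change it later
        os.setuid(uid)
    resource.setrlimit(resource.RLIMIT_NPROC, (0, 0))   # a parser never needs to fork
    return os.geteuid(), os.getegid()


def parse_envelope(line):
    """The risky job: parse an SMTP-style 'MAIL FROM:<addr> SIZE=n' line
    (constructed format). Anything unexpected raises; that is the point."""
    text = line.decode("ascii")                  # non-ASCII -> UnicodeDecodeError
    if not text.startswith("MAIL FROM:<") or ">" not in text:
        raise ValueError("not a MAIL FROM line")
    addr, _, rest = text[len("MAIL FROM:<"):].partition(">")
    if "@" not in addr or any(c.isspace() for c in addr):
        raise ValueError("bad address")
    size = 0
    for param in rest.split():
        key, _, value = param.partition("=")
        if key != "SIZE":
            raise ValueError("unknown parameter")
        size = int(value)                        # garbage -> ValueError
    return {"sender": addr, "size": size}


def validate_reply(raw):
    """The worker is the least trusted part of the system, so its reply is
    checked as strictly as the original input: exact keys, exact types."""
    try:
        reply = json.loads(raw.decode("ascii"))
    except ValueError:                           # covers JSONDecodeError and UnicodeDecodeError
        return {"ok": False, "error": "no usable reply from worker"}
    if not isinstance(reply, dict) or reply.get("ok") is not True:
        err = reply.get("error", "unknown") if isinstance(reply, dict) else "unknown"
        return {"ok": False, "error": str(err)[:40]}
    res = reply.get("result")
    if (not isinstance(res, dict) or set(res) != {"sender", "size"}
            or not isinstance(res["sender"], str)
            or not isinstance(res["size"], int) or res["size"] < 0):
        return {"ok": False, "error": "malformed worker reply"}
    return {"ok": True, "sender": res["sender"], "size": res["size"]}


def run_separated(line):
    """Privileged side. Hands `line` to a forked worker that has dropped root,
    and turns any worker failure into a status, never into an exception here."""
    to_child_r, to_child_w = os.pipe()
    from_child_r, from_child_w = os.pipe()
    pid = os.fork()
    if pid == 0:                                 # ---- unprivileged worker ----
        os.close(to_child_w)
        os.close(from_child_r)
        try:
            drop_privileges()
            reply = {"ok": True, "result": parse_envelope(os.read(to_child_r, 4096))}
        except Exception as exc:                 # report the class only, never the payload
            reply = {"ok": False, "error": type(exc).__name__}
        os.write(from_child_w, json.dumps(reply).encode("ascii"))
        os._exit(0)
    # ---- privileged parent: only pipe descriptors cross the boundary ----
    os.close(to_child_r)
    os.close(from_child_w)
    os.write(to_child_w, line)
    os.close(to_child_w)
    raw = b""
    while True:
        chunk = os.read(from_child_r, 4096)
        if not chunk:
            break
        raw += chunk
    os.close(from_child_r)
    os.waitpid(pid, 0)
    return validate_reply(raw)


if __name__ == "__main__":
    for sample in (b"MAIL FROM:<alice@example.org> SIZE=123",   # constructed inputs
                   b"MAIL FROM:<alice@example.org> SIZE=lots",
                   b"\xff\xfe not even ascii"):
        print(sample, "->", run_separated(sample))
```

The split itself is what buys the safety, not the fact that there are two processes: a bug in `parse_envelope` (the "promised to restrict but didn't" class of error) is confined to a process that has no root, no open privileged descriptors and no ability to fork, and the parent treats the worker's answer as hostile input rather than as a trusted result. Running the worker as a separate program would change nothing about that property, which is Rich's point about Postfix and qmail.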
