"Sudhakar Chandra" <[EMAIL PROTECTED]> (Sunday, July 28, 2002 6:28 AM)
> OK, I'll bite....
> One item of the baggage Sendmail still has not gotten rid of is the butt
> ugly configuration. Apart from bakward compatibility, is there ANY
> reason why sendmail.cf is so cryptic?
Sendmail people (Claus Assmann and others) keep saying, these days, that the
cf file is to be considered a binary, and to use and modify sendmail.mc,
rebuilding sendmail.cf each time using m4
> I'm not talking about security holes in Sendmail from 10+ years ago.
> I'm talking about security holes in sendmail as recent as 3-4 years ago.
Like? There was one hole afaict in 8.9.3 - which was more of a linux kernel
hole. 8.10.1 - AIX specific hole. Another 8.10.2 hole which was again
linux specific. Here's the README that comes up when you visit
ftp.sendmail.org -
8.12.5 Fix potential buffer overflow in (unused) dns map type TXT.
8.12.4 More restrictive permissions, various minor bug fixes.
8.12.3 Fixes 7-8 bit MIME conversion and various minor bugs.
8.12.2 Portability enhancements and minor bug fixes.
8.12.1 Fixes potential local security problem.
8.12.0 Enhanced security and performance; no more set-user-ID root.
8.11.6 Fixes command line processing security problem.
Support for STARTTLS and SASL encryption.
8.10.2 Detect and avoid a serious Linux capabilities security bug.
8.10.1 Bug fix release: avoids dangerous AIX 4.X linker behavior
8.10.0 Major new release: multiple queues, SMTP authentication, LDAP
integration, IPv6, enhanced SMTP status codes, and more.
8.9.3 header denial of service fixed. Minor fixes.
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
linux-india-help mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/linux-india-help
