D. J. Bernstein writes:
> Roger Merchberger writes:
> > Personally, I'm not interested in religious claims that run-time
> > configuration is evil; tho that's all I've seen so far from you.
>
> I've said nothing of the sort. I'm simply asking what the benefits are.
What would be a sufficient benefit?
> You don't understand why I want adequate justification before I add code
> to security-critical programs?
What would be adequate justification?
> Let's consider, for example, the patch that people are asking me to use,
> making qmail-lspawn run qmail-getpw as the uid that owns
> /var/qmail/owners/uidp, rather than as a compiled-in qmailp uid.
>
> What happens if there's a security hole in getpwnam(), on a UNIX system
> that allows file giveaways?
This is a red herring. /var/qmail/owners is chmod 700.
> With this patch, the attacker breaks into qmail-getpw, then changes the
> owner of /var/qmail/owners/uidp to root, then breaks into root, then has
> complete control over your system. The security barrier around root has
> been breached.
This is a red herring. qmail-lspawn refuses to accept a uidp of 0.
Still, you are doing better. You are at least trying to persuade us.
That's good -- keep it up.
> Several turnkey system vendors have converted to qmail.
This is beside the point. Red Hat ships sendmail because you are
uncooperative. This is a security disaster which is entirely YOUR fault.
--
-russ nelson <[EMAIL PROTECTED]> http://crynwr.com/~nelson
Crynwr supports Open Source(tm) Software| PGPok | There is good evidence
521 Pleasant Valley Rd. | +1 315 268 1925 voice | that freedom is the
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | cause of world peace.
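
The two safeguards named in the reply above (an owners directory that is mode 700, and refusal of a uid of 0) can be checked as in the following C sketch, which is an added example and not code from qmail or from the patch under discussion. The function name, the result codes, and the extra checks (directory owner, regular file, no symlink) are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L /* openat, O_NOFOLLOW, O_DIRECTORY */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Result codes (names are assumptions made for this example). */
enum { UID_OK = 0, UID_ERR_IO = -1, UID_ERR_DIR = -2, UID_ERR_FILE = -3, UID_ERR_ROOT = -4 };

/* Take a run-time uid from the owner of dir/name, e.g. /var/qmail/owners/uidp.
 * dir_owner is the uid that must own dir (root on a real install). */
int uid_from_owner_file(const char *dir, const char *name, uid_t dir_owner, uid_t *out)
{
    struct stat ds, fs;
    int rc = UID_ERR_IO, fd = -1;
    /* Hold the directory by descriptor so the checks and the lookup use the same object. */
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (dfd < 0) return UID_ERR_IO;
    if (fstat(dfd, &ds) < 0) goto done;
    /* The directory must be exactly mode 700 and owned by the trusted uid. */
    if (ds.st_uid != dir_owner || (ds.st_mode & 07777) != 0700) {
        rc = UID_ERR_DIR; goto done;
    }
    fd = openat(dfd, name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0 || fstat(fd, &fs) < 0) goto done;
    /* Only a regular file counts as an owner marker (symlinks already failed to open). */
    if (!S_ISREG(fs.st_mode)) { rc = UID_ERR_FILE; goto done; }
    /* Never hand back uid 0, whatever the file's owner has become. */
    if (fs.st_uid == 0) { rc = UID_ERR_ROOT; goto done; }
    *out = fs.st_uid;
    rc = UID_OK;
done:
    if (fd >= 0) close(fd);
    close(dfd);
    return rc;
}

int main(int argc, char **argv)
{
    uid_t uid;
    const char *dir = argc > 1 ? argv[1] : "/var/qmail/owners";
    int rc = uid_from_owner_file(dir, "uidp", 0, &uid);
    if (rc != UID_OK) { fprintf(stderr, "refused (%d)\n", rc); return 111; }
    printf("would run qmail-getpw as uid %lu\n", (unsigned long)uid);
    return 0;
}
```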