Sam <[EMAIL PROTECTED]> writes:
> It is *not* "vendor convenience".
If it's not 'vendor convenience' that is standing in the way, Red Hat
could modify its RPM tool to calculate the checksum of qmail's
binaries, ignoring the UID locations; this is trivial. It could then
check the UID locations to see if they were different from the default
distribution and also look in the password file to see if they
matched, or something along these lines. It could print them out, and
have the admin verify it manually, just as they would have to do with
configuration files. And frankly, the place for extra code is in some
software that is run once in a while from a floppy, like RPM, not in
stuff that is constantly up. I don't understand why you are badgering
Dan to add code to his programs, and not badgering Red Hat.
> Red Hat's Linux distribution is
> specifically designed to be as secure a distribution as possible.
Well, let's just take a moratorium on this issue until we have more
data. There are turnkey providers that distribute qmail, and then
there's Red Hat, which distributes sendmail+rpm. Let's see which ones
have more mailer-related security holes down the road. Until then...
sdb
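
The check proposed in the message above, sketched as an added example (not part of the original post, and not RPM's or qmail's code): checksum the binary with the UID locations masked out, then compare the compiled-in UIDs against the packaged defaults and the password file. The slot offsets, the 4-byte little-endian encoding, the UID values and the sample "binary" are all constructed assumptions.

```python
import hashlib
import struct

SLOT = struct.Struct("<I")  # assumption: each compiled-in UID is a 4-byte LE integer

def masked_digest(image, offsets):
    """SHA-256 of the binary with every UID slot zeroed, so local UIDs don't alter it."""
    buf = bytearray(image)
    for name, off in offsets.items():
        if off < 0 or off + SLOT.size > len(buf):
            raise ValueError(f"UID slot for {name} lies outside the file")
        buf[off:off + SLOT.size] = bytes(SLOT.size)
    return hashlib.sha256(buf).hexdigest()

def parse_passwd(text):
    """Map account name -> numeric UID from passwd-format text."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            users[fields[0]] = int(fields[2])
    return users

def verify(image, offsets, reference_digest, default_uids, passwd_text):
    """Return findings for the admin; an empty list means nothing to review."""
    findings = []
    if masked_digest(image, offsets) != reference_digest:
        findings.append("CODE MODIFIED: checksum outside the UID slots does not match")
    passwd = parse_passwd(passwd_text)
    for name, off in offsets.items():
        uid = SLOT.unpack_from(image, off)[0]
        if passwd.get(name) != uid:
            findings.append(f"{name}: compiled-in UID {uid} does not match passwd ({passwd.get(name)})")
        elif uid != default_uids[name]:
            findings.append(f"{name}: UID {uid} differs from packaged default {default_uids[name]}; verify manually")
    return findings

# Constructed sample: a fake 'binary' with two UID slots at hypothetical offsets.
OFFSETS = {"qmaild": 8, "qmailq": 20}
DEFAULTS = {"qmaild": 7791, "qmailq": 7794}

def build_sample(uids, code=b"\x7fELF-constructed-code-section"):
    return (code[:8] + SLOT.pack(uids["qmaild"]) + code[8:16]
            + SLOT.pack(uids["qmailq"]) + code[16:])

if __name__ == "__main__":
    reference = masked_digest(build_sample(DEFAULTS), OFFSETS)
    local = build_sample({"qmaild": 501, "qmailq": 502})
    for line in verify(local, OFFSETS, reference, DEFAULTS, "qmaild:x:501:501::/:\nqmailq:x:502:502::/:"):
        print(line)
```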