D. J. Bernstein writes:
 > Sam writes:
 > > In a situation like this, you just *don't* ship a binary package that,
 > > after it's installed, it scribbles all over its binary files.
 > 
 > sendmail's /etc/aliases.db is a security-critical binary file created
 > from user-supplied configuration data.
 > 
 > How, pray tell, are you going to check the integrity of /etc/aliases.db?
 > If you can verify /etc/aliases.db, why can't you verify the qmail files?
 > 
 > The reality is that people don't verify /etc/aliases.db after a breakin.
 > They either ignore it, leaving a perfectly adequate hiding place for
 > intruders, or reinstall it, which is the right thing to do.

Users commonly recompile /etc/aliases.db.  They do so using a program
which is included with the package.

Users do not commonly recompile executables.  Often they do not
install compilers, linkers, loaders or binary editors, because no
package requires them.

Except qmail.

Now, if qmail requires its binaries to be modified for security
reasons, and they are valid reasons, then no other package is secure,
so that qmail's level of security is overkill, useless, and a waste of
resources.  It would be better to spend those resources improving the
security of other packages.

If Redhat requires its binaries to be unmodified for security
reasons, and they are valid reasons, then qmail is not secure.

Your arguments are not persuasive.  They are clearly written.  They
are true.  They make valid points.  They communicate effectively.  But
they do not persuade.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://crynwr.com/~nelson
Crynwr supports Open Source(tm) Software| PGPok |   There is good evidence
521 Pleasant Valley Rd. | +1 315 268 1925 voice |   that freedom is the
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   |   cause of world peace.
