On Tue, 2002-07-30 at 18:10, Gerry Doris wrote:
>
> I continue to see these claims that sendmail is insecure.  However, I've
> yet to see anyone actually back this up.  Would you please give me the
> details of why sendmail is insecure.

It's installed SUID root (may not be true in future versions, Red Hat seems to have a solution to that particular problem).

It's one, very large, very complex application.

Without even beginning to get into other problems, the two above are enough that anyone with even a little security background will acknowledge that sendmail is not, and cannot be made, secure. SUID applications should be as small as possible to accomplish their task: less code means fewer problems to exploit. Any other common MTA makes minimal use of root privileges and SUID binaries.

Sendmail has a very long history of root exploits, both local and remote. It shouldn't be hard to find them. Just look at www.sendmail.org.
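
The point about SUID program size can be checked on any host. The following is an added example, not part of the original message: a shell function that inventories setuid files owned by a given user (root by default), largest first, and marks those above a size threshold for review. The function name `suid_audit`, its arguments and the 100 KB default are assumptions made for this example; it relies on GNU find's `-printf`.

```shell
#!/bin/sh
# Added example: inventory setuid executables and flag the large ones.
# suid_audit, its arguments and the 100 KB default are assumptions made here.
#
# usage: suid_audit DIR [OWNER_UID] [MAX_KB]
#   DIR        directory tree to scan (does not cross filesystems)
#   OWNER_UID  numeric owner to match, default 0 (root)
#   MAX_KB     size above which a file is marked REVIEW, default 100
# output: one line per file, tab separated: flag, size in bytes, path
suid_audit() (
    dir=${1:?directory required}
    uid=${2:-0}
    max_kb=${3:-100}

    # -perm -4000 matches files with the setuid bit set; %s is size in bytes.
    # Paths containing tabs or newlines are not handled.
    find "$dir" -xdev -type f -perm -4000 -uid "$uid" \
         -printf '%s\t%p\n' 2>/dev/null |
      sort -rn |
      awk -F'\t' -v max="$max_kb" '{
          flag = ($1 > max * 1024) ? "REVIEW" : "ok"
          printf "%s\t%d\t%s\n", flag, $1, $2
      }'
)

# Run directly with arguments, e.g.:  sh suid_audit.sh /usr 0 100
if [ "$#" -gt 0 ]; then
    suid_audit "$@"
fi
```

Every file listed runs with its owner's privileges no matter who starts it, so the largest entries are the first candidates for removing the bit or replacing the program.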