On Tue, May 14, 2002 at 10:34:42AM -0500, Terry Dunlap wrote: > Have you ever noticed that OpenBSD and FreeBSD install Sendmail as part > of their default installs? I just installed OpenBSD 2.9 today on a test > box (I know there are new versions). I was shocked to find Sendmail > running on this OS which claims to offer a "secure" default install. > > Granted, I checked the OpenBSD site regarding their implementation of > Sendmail, and they have made some security changes to it. However, given > its track record, why is Sendmail a part of the default installs on > these *BSD flavors? Why is it part of ANY default install???
Yeah, and for that matter, why is OpenSSH, which has had a slew of security holes. Basic answer is, they ship as secure as they can, and when a hole is found, close it as soon as possible. Sendmail hasn't had anywhere NEAR as many holes in the last year or two as even OpenSSH. Jamie > -- > Terry Dunlap, MCSE > Network Security > > Western Kentucky University > 1 Big Red Way, WAB 313 > Bowling Green, KY 42101 > 270.745.6909 > > rm -f /usr/bin/laden
