Subject: Re: sendmail configuration
To: Greg Hudson <firstname.lastname@example.org>
From: Don Lewis <email@example.com>
Date: 11/02/1995 23:10:50
On Nov 2, 5:55pm, Greg Hudson wrote:
} Subject: Re: sendmail configuration
} > I can't see a single valid reason not to run sendmail at all.
} 1. It's a big security hole.
Well, yes and no. The very fact that it's installed and is setuid
root opens potential security holes.
If you don't run sendmail in daemon mode on the clients, then they
aren't vulnerable to attack over the network, but your hub still is.
If you run the same version of sendmail on all your machines, then
you aren't much more vulnerable if you run sendmail as a daemon on
your clients, since all your machines have the same security holes;
you just increase the number of machines vulnerable to direct attack.
One advantage of running sendmail as a daemon on your clients is that
you can easily scan all your machines to determine what sendmail
version they are running, which will allow you to detect any clients
running out of date versions of sendmail that have vulnerabilies to
attack by local users (of course the black hats can do this too in
order to find a weak machine to attack).