Subject: Re: Mail server
To: Claude Marinier <claude.marinier@dreo.dnd.ca>
From: <>
List: netbsd-help
Date: 06/08/1999 11:51:52
>Hume,
>
>Please explain how sendmail is a security hole. There are some who may
>still distribute very old and therefore insecure versions of sendmail but
>the version that ships with NetBSD is quite recent.

My statement was intentionally a bit glib, but not too much.

Given its past history of security problems, the fact of its difficult config file, the older chunks of it still floating around for things that are largely unused anymore, the fact it's been built in piddypatches like an old New England farmhouse... the fact it occasionally has to run root... are all things that are exactly contrary to all the rules of thumb i've ever seen of building secure software.

Not that Exim addresses -all- of them... not like qmail tries to do... but the architecture of Unix email is so bound up on sendmail it's practically impossible to properly re-engineer the entire thing.

These are not solely my opinions.  Garfinkel and Spafford, 2nd ed, pg 497: "One of the main reasons for sendmail's problems is its all-in-one design.  It is extremely complicated, runs as superuser, freely accepts connections from anywhere, and has a rich command language.  We are not surprised that the program has been plagued with problems, although it seems to have had more than its share.  Fortunately, there are alternatives."

Sure, maybe late-model sendmails are safer... but - has it been compiled properly (The infamous Worm used a widespread compiling error)?  how competent, ambitious, and vigilant is the person installing and operating it?  I found i could have a lot more confidence in Exim, and could get the information i needed to do the job a thousand times more readily (sendmail documentation is, or was at the time, very hard to come by, very poor, and usually referred to some version i didn't have).

(Yeah, and sure, you can use whatsitsname to config sendmail for you... which means you have to spread your trust out even thinner, that whatsitsname is working right...  pbhhht.  Give me something with a human-readable config file.)

--
<URL:http://www.glinx.com/~hclsmith/>