[ On Thu, August 31, 1995 at 12:59:22 (-0400), Drew Dean wrote: ]
> Subject: Re: OK, so how do we slam shut this sendmail problem once and for all? 
>
> 	I haven't written an MTA (but I don't run sendmail on my
> personal machine, either), so I won't claim to be an expert.  But, if
> you think hard about the problems and tradeoffs (send email if you'd
> like an incomplete list), you can make a more secure MTA than
> sendmail, and "BAD idea" doesn't do justice to the problem.  Given the
> Unix protection model, running arbitrary programs when mail arrives is
> inherently a very risky proposition.

There are other mailers out there with such design goals.  One is the
AT&T Bell Labs UPAS mailer (V10 Research UNIX & Plan 9).  I have it on
good word that if some gentle pressure were applied in the right places,
and if their bureaucracy works its magic, UPAS could be released as
"freeware".  Note that it is on the Plan 9 CD too.  Also there is
Zmailer, which has further advantages for very large gateways.

I *think* smail-3 is more secure -- it doesn't use syslog(3), so would
have completely avoided the recent bug.  We're hoping to release a new
beta of smail-3.2 RSN!

-- 
							Greg A. Woods

+1 416 443-1734			VE3TCP			robohack!woods
Planix, Inc. <woods@planix.com>; Secrets Of The Weird <woods@weird.com>