Mailing List Archive
Support open source code!
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
tlug: Re: [sendmail-security@example.com: Sendmail Workaround for Linux Capabilities Bug]
- To: tlug@example.com
- Subject: tlug: Re: [sendmail-security@example.com: Sendmail Workaround for Linux Capabilities Bug]
- From: "Stephen J. Turnbull" <turnbull@example.com>
- Date: Mon, 12 Jun 2000 16:03:59 +0900 (JST)
- Content-Transfer-Encoding: 7bit
- Content-Type: text/plain; charset=us-ascii
- In-Reply-To: <m34s6zh70b.fsf@example.com>
- References: <lists.tlug/20000608155930.D18580@example.com><lists.tlug/20000609125846.H766@example.com><lists.tlug/20000609134545.V254@example.com><lists.tlug/20000609134543.M766@example.com><lists.tlug/20000609141846.C16234@example.com><lists.tlug/slrn8k76m4.bh3.simon@example.com><lists.tlug/20000611231034.B4515@example.com><lists.tlug/slrn8k77ip.bh3.simon@example.com><lists.tlug/20000611231832.C4515@example.com><slrn8k785f.bh3.simon@example.com><m3wvjvhbih.fsf@example.com><14660.22117.338466.324903@example.com><m34s6zh70b.fsf@example.com>
- Reply-To: tlug@example.com
- Sender: owner-tlug
>>>>> "sb" == SL Baur <steve@example.com> writes:
sb> Stephen J Turnbull <turnbull@example.com> writes in
sb> tlug@example.com:
sb> ...
>> More seriously, if you want to have a complex policy, then
>> complex configuration will be required. Eg, open relay vs. no
>> relay is simple to configure, but unacceptable for a gateway
>> machine.
sb> ...
sb> You're mispronouncing "necessary evil". I appreciate the
sb> flexibility and ease of configuration of Sendmail. That
sb> doesn't mean I like or trust the way it's implemented.
So?
Find something whose complexity of configuration matches its
complexity of implementation more exactly, and then you only have to
verify those parts of the complexity that you need to use.
The problem with Sendmail is that all that complexity comes wrapped up
in a single package, and (theoretically) any of it can be used against
you if you use any other part of it.
Despite my basically anti-djb position, I find it interesting that the
"security challenge" was able to list the part of the system that is
considered inherently insecure (the .qmail files) in one phrase.
(There are probably a few devils in the required configuration details
too, but the principle is valid, I think.)
--
University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Institute of Policy and Planning Sciences Tel/fax: +81 (298) 53-5091
_________________ _________________ _________________ _________________
What are those straight lines for? "XEmacs rules."
-----------------------------------------------------------------------
Next Meeting (w/ YLUG): June 16 (Fri) 19:00 Mizonoguchi Marui Family 12F
Next Technical Meeting: July 8 (Sat) 13:30 Topic: TBA
-----------------------------------------------------------------------
more info: http://www.tlug.gr.jp Sponsor: Global Online Japan
- References:
- Re: tlug: [sendmail-security@example.com: Sendmail Workaround for Linux Capabilities Bug]
- From: simon@example.com (Simon Cozens)
- tlug: Re: [sendmail-security@example.com: Sendmail Workaround for Linux Capabilities Bug]
- From: SL Baur <steve@example.com>
- tlug: Re: [sendmail-security@example.com: Sendmail Workaround for Linux Capabilities Bug]
- From: "Stephen J. Turnbull" <turnbull@example.com>
- tlug: Re: [sendmail-security@example.com: Sendmail Workaround for Linux Capabilities Bug]
- From: SL Baur <steve@example.com>
- Re: tlug: [sendmail-security@example.com: Sendmail Workaround for Linux Capabilities Bug]
- Prev by Date: Re: tlug: Graphiccard and display information for FMV-5120NA/W
- Next by Date: tlug: [CENSORED: Solaris /bin/clear]
- Prev by thread: tlug: Re: [sendmail-security@example.com: Sendmail Workaround for Linux Capabilities Bug]
- Next by thread: Re: tlug: [sendmail-security@example.com: Sendmail Workaround for Linux Capabilities Bug]
- Index(es):
| Home Page | Mailing List | Linux and Japan | TLUG Members | Links |