Mailing List Archive


tlug: Re: [sendmail-security@example.com: Sendmail Workaround for Linux Capabilities Bug]



>>>>> "sb" == SL Baur <steve@example.com> writes:

    sb> Stephen J Turnbull <turnbull@example.com> writes in
    sb> tlug@example.com:
    sb>  ...
    >> More seriously, if you want to have a complex policy, then
    >> complex configuration will be required.  Eg, open relay vs. no
    >> relay is simple to configure, but unacceptable for a gateway
    >> machine.
    sb>  ...

    sb> You're mispronouncing "necessary evil".  I appreciate the
    sb> flexibility and ease of configuration of Sendmail.  That
    sb> doesn't mean I like or trust the way it's implemented.

So?

Find something whose complexity of configuration matches its
complexity of implementation more exactly, and then you only have to
verify those parts of the complexity that you need to use.

The problem with Sendmail is that all that complexity comes wrapped up
in a single package, and (theoretically) any of it can be used against
you if you use any other part of it.

Despite my basically anti-djb position, I find it interesting that the
"security challenge" was able to list the part of the system that is
considered inherently insecure (the .qmail files) in one phrase.
(There are probably a few devils in the required configuration details
too, but the principle is valid, I think.)

-- 
University of Tsukuba                Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Institute of Policy and Planning Sciences       Tel/fax: +81 (298) 53-5091
_________________  _________________  _________________  _________________
What are those straight lines for?  "XEmacs rules."
-----------------------------------------------------------------------
Next Meeting (w/ YLUG): June 16 (Fri) 19:00 Mizonoguchi Marui Family 12F
Next Technical Meeting: July 8 (Sat)  13:30 Topic: TBA
-----------------------------------------------------------------------
more info: http://www.tlug.gr.jp        Sponsor: Global Online Japan

