[130] in Release_7.7_team
Re: Sendmail vulnerability
daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Sat Jul 16 00:15:58 1994
Date: Sat, 16 Jul 94 00:15:05 EDT
From: tytso@MIT.EDU (Theodore Ts'o)
To: Marc Horowitz <marc@MIT.EDU>
Cc: Matt Braun <mhbraun@MIT.EDU>, holes@MIT.EDU, release-77@MIT.EDU
In-Reply-To: Marc Horowitz's message of Sat, 16 Jul 94 00:08:02 EDT,
<9407160408.AA15031@deathtongue.MIT.EDU>
Date: Sat, 16 Jul 94 00:08:02 EDT
From: Marc Horowitz <marc@MIT.EDU>
>> The problem with sendmail 8.6.9 is that it isn't completely compatible
>> with sendmail 5.61 --- not all old sendmail.cf files will work with
>> sendmail 8.
I know that, which is why I phrased the suggestion the way I did. It
says that a standard public machine uses a sendmail athena compiles,
which is presumably tested with athena sendmail.cf files. Customized
machines can choose which they want.
You forget that servers are configured are configured from system packs;
we'd have to hack mkserv as well to revert the sendmail back in those
cases, and as a result, we'd have to close the holes in the 5.61
sendmail anyway.
- Ted
