[991] in linux-security and linux-alert archive
Re: [linux-security] sendmail security
daemon@ATHENA.MIT.EDU (Nathan Ramella)
Fri Aug 9 07:35:32 1996
From: Nathan Ramella <floyd@ecst.csuchico.edu>
To: ian@chiark.chu.cam.ac.uk (Ian Jackson)
Date: Thu, 8 Aug 1996 11:58:09 -0700 (PDT)
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <m0ulmma-0004NqC@chiark.chu.cam.ac.uk> from "Ian Jackson" at Aug 1, 96 02:42:00 am
>>Ian Jackson wrote:
>>To: linux-security@tarsier.cv.nrao.edu
>>Subject: Re: [linux-security] sendmail security
>>
>>John Henders writes ("Re: [linux-security] sendmail security"):
>>...
>>> Qmail is nice, but in defence of smail, I'd like to point out that smail
>>> has had _one_ cert notice since they started doing cert advisories.
>>...
>>> [REW: I don't believe that the number of CERT warnings is a measure
>>> for security. [elided - iwj]]
>>
>>Smail (properly configured) has only ever had one known security hole,
>>and that one was not exploitable from the network - you had to have an
>>account on the system. The bug was that you could under some
>>circumstances have debugging output sent to a file of your choosing
>>even if you couldn't ordinarily write the file. NB that this hole was
>>NOT exploitable by the DEBUG command available via Smail's SMTP
>>server, as that doesn't allow a filename to be specified, and that it
>>has nothing to do with prehistoric Sendmails' hideous DEBUG hole.
>>
>>Ian.
>>
>>220 chiark.chu.cam.ac.uk Smail3.1.29.1 #35 ready at Thu, 1 Aug 96 02:40 BST
>>debug
>>250 level 1. You think this is a security hole ? Please RTFM.
>>quit
>>221 chiark.chu.cam.ac.uk closing connection
Might I just comment, I'm sure smail has just as many holes as
sendmail, if not more.. The reason it's supposedly "secure" is
because smail is a little more low profile than sendmail.
sendmail is used on probably 80%-90% of all UNIX machines
everywhere in one form or another, therefor (h|cr)ackers have
more impetus to write exploits for it.
If smail ever got "really popular", it would probably suffer the
same growing pains that sendmail has gone through, and will continue
to go through.
(And a side note, anyone who thinks they're 'more secure' because
of smail is relying on security through obscurity, and is only
kidding themselves.)
If you _really_ want security, try running sendmail through inetd,
uid(nobody), gid(mail), and hack in some pgp encryption to the
mail spool. Just running smail won't do it, or even more to the point
NOT running sendmail definitly won't do it.
-Nate