[3079] in WWW Security List Archive
Re: About "CIA Web Page Hacked"
daemon@ATHENA.MIT.EDU (hallam@ai.mit.edu)
Wed Sep 25 20:33:44 1996
From: hallam@ai.mit.edu
To: benc@geocel.com, WWW-SECURITY@ns2.rutgers.edu
Cc: hallam@ai.mit.edu
In-Reply-To: Your message of "Wed, 25 Sep 96 04:38:58 CDT."
<2.2.32.19960925093858.00a59e88@lithium>
Date: Wed, 25 Sep 96 18:30:28 -0400
Errors-To: owner-www-security@ns2.rutgers.edu
>Well, as much as you'd like to beleive everyone who works for a vendor is
>competent, with a program as absolutely huge as sendmail, it is absurd to
>think that because a vendor modifies the source they've patched all if any
>bugs.
But entirely plausible to consider that a vaguely competent vendor
is likely to produce a version with fewer bugs than any Allman
edition of sendmail, either existing or yet to be created.
Why a mailer needs to be a huge enormous program is beyond me.
If you only use SMTP there is no reason that a mailer should need
more than a few thousand lines of code. There is very little reason
for a machine to support other protocols, particularly if the price
of doing so is having to use sendmail.
Phill
