Date: Sun, 24 Nov 1996 18:09:10 -0700 (MST)
Message-Id: <199611250109.SAA27018@rocky.mt.sri.com>
From: Nate Williams
To: peter@taronga.com (Peter da Silva)
Cc: hackers@freebsd.org
Subject: Re: Replacing sendmail (Re: non-root users binding to ports < 1024 (was: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2
In-Reply-To: <199611250041.SAA08169@bonkers.taronga.com>
References: <199611250006.KAA25958@genesis.atrad.adelaide.edu.au> <199611250041.SAA08169@bonkers.taronga.com>

> > "Sendmail is the de-facto Unix standard mail delivery agent. It is
> > continually subjected to rigorous security scrutiny and frequently
> > updated.
>
> Don't make me laugh. It has more security holes revealed per year than
> every other setuid program in UNIX put together.

It is also the most used/public suid program in the world, subject to the most scrutiny (and attack).

I'm with Michael. I trust sendmail much more than something I know nothing about. Sendmail is scrutinized, and Qmail isn't. I'm 99.9% sure that Qmail has at least one security hole in it that someone could drive a truck through, but it simply hasn't been found.

Have I looked at the code to know this? No, but at some point in time Qmail *has* to have 'root' privileges, and it's *really* hard to make sure that when a mail-transport agent becomes root that they've squashed any chance of the input causing problems.

The input to Qmail may not be run as root, but somehow that input must be written to a user's file or run through a user's .forward or other processing agent, and that's where *all* of the bugs lie.

Nate