Date: Sun, 11 Feb 2001 18:12:18 -0600
From: "Michael C . Wu" <keichii@iteration.net>
To: Drew Derbyshire <software@kew.com>
Cc: chat@freebsd.org
Subject: Re: FreeBSD Postfix and Majordomo security (was FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_HERE)
Message-ID: <20010211181218.D19845@peorth.iteration.net>
In-Reply-To: <009c01c093e5$d1cd7230$94cba8c0@hh.kew.com>; from software@kew.com on Sat, Feb 10, 2001 at 11:48:04PM -0500
References: <200102082014.PAA29877@vws3.interlog.com> <009c01c093e5$d1cd7230$94cba8c0@hh.kew.com>
On Sat, Feb 10, 2001 at 11:48:04PM -0500, Drew Derbyshire scribbled:
| (Headers rigged to move follow ups to -chat ...)
|
| Since the FreeBSD site runs postfix, the fix to block external postings to
| the announce list is a Postfix FAQ, using a regular expression filter. This
| would require direct trusted posters to go through a local (or otherwise
| trusted IP), and cannot be beaten by forged headers. (Hint, hint!)

It's a pretty good idea to only allow certain important postings
from a certain IP, such as freefall.freebsd.org. :)

| The belief that signing advisories sorts out the good from the bad is naive.
| The negative impression is left on users when the reader realizes a bogus
| post from an official mailing list is bogus in the first place. (Nor do
| most mail clients support automatically decoding the key. Heck, I get
| global whining for using any sort of MIME at all in mail.)
|
| In general, I'm amazed that after all the SPAM on the FreeBSD mailing lists
| that they haven't gone to post-only-by subscribers in general -- clearly,
| the maintainers don't seem to care about the lists' quality as much as some
| of the subscribers do. Yes, yes, I've heard the "but we need to let any one
| post ..." argument, and refuse to believe it given hackish nature of the
| FreeBSD mailing lists, and general disdain for end-users.
                             ^^^^^^^^^^^^^^^^^^^^^^^^^
Do you realize that you are making a generalizing, sweeping comment
that is basically flame bait?

| (Linux will rule the world, because organizations like RedHat support
| relatively clean binary patches using up2date between releases -- it makes
| me sad when I compare this to FreeBSD security advisories which offer choices
| of source patches or "upgrade to Release 4.x-STABLE after the specified"
| date, given that such configurations have a prereq of reading the -stable
| mailing list and generally breathing FreeBSD.)

And, if I may ask, how do you ensure the synchronization of userland
and kernel after a while?
--
+------------------------------------------------------------------+
| keichii@peorth.iteration.net         | keichii@bsdconspiracy.net |
| http://peorth.iteration.net/~keichii | Yes, BSD is a conspiracy. |
+------------------------------------------------------------------+

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010211181218.D19845>