Date: Mon, 25 Nov 1996 11:42:18 +0600 From: Tim Pierce <twpierce@bio-3.bsd.uchicago.edu> To: nate@mt.sri.com Cc: peter@taronga.com, hackers@FreeBSD.org Subject: Re: Replacing sendmail (Re: non-root users binding to ports < 1024 (was: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2 Message-ID: <9611251742.AA10825@bio-5.bsd.uchicago.edu> In-Reply-To: <199611250109.SAA27018@rocky.mt.sri.com> (message from Nate Williams on Sun, 24 Nov 1996 18:09:10 -0700 (MST))
next in thread | previous in thread | raw e-mail | index | archive | help
Nate Williams <nate@mt.sri.com> said: > I'm with Michael. I trust sendmail much more than something I know > nothing about. This amounts to defending the devil you know over the devil you don't. While that's a sound principle, it's also something of a last line of defense: i.e., there's no reason you can't get to know the other devil a little better. Most of the defenses of sendmail I've seen thus far can be summed up: it's the industry standard, everyone else in the world runs it, any administrator will be instantly at home with it. Hmm -- and I thought that I *wasn't* running Windows! For the record, I currently run neither sendmail nor qmail (not having a net-connected machine). I am not intimately familiar with qmail and am not really in a position to defend it. What I know is that I spend a lot of time with security weenies, and have heard more about qmail in the last several months than about perhaps any other package I'm not personally working on. I'm inclined to believe that it deserves a closer look than the folks here have been willing to give it.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9611251742.AA10825>