Date:      Wed, 01 Jan 2003 21:39:33 -0800
From:      Terry Lambert <tlambert2@mindspring.com>
To:        Claus Assmann <freebsd+current@esmtp.org>
Cc:        freebsd-current@FreeBSD.ORG
Subject:   Re: 5.0-RC2 informal PR: 90 sec sendmail delay
Message-ID:  <3E13D095.FC52B758@mindspring.com>
References:  <rgptrg1uzx.trg@localhost.localdomain> <3E1352BC.4043921B@mindspring.com> <20030101145232.A391@zardoc.esmtp.org>

Claus Assmann wrote:
> On Wed, Jan 01, 2003, Terry Lambert wrote:
> > I'm not too happy about some of the changes to Sendmail recently,
> 
> Which? And why?
> 
> If there are problems, the authors would like to hear
> about it directly, instead of reading it in some mailing
> list by accident...

It's an editorial complaint.  I don't like the breaking of the
program into separate programs by function.  IMO, DJB is wrong,
and this does nothing to enhance security.  The result of doing
this in FreeBSD has been to greatly complicate rc scripts, with
the result that sendmail is much less of an unpluggable component
that can be replaced with something else, easily, and with little
system impact.

I understand the "security" reasoning, based on having to compete
with qmail and other packages that claim this separation magically
fixes all security issues.  But it's just a propaganda move, and
it's not technically justified.

Similarly, the interior separation, which is what resulted in the
DNS lookup that brought up the link in this current discussion
thread, fails via a timeout before the lookup is done, and so the
transfer fails.  Whistle had to address this problem for Ricoh,
with the InterJet, as well, since a linkup could take sufficient
time that the timeout would fire, and the mail would never end up
getting sent (it would get aged into the queue as "can't lookup
destination host").


> > but I understand, from a marketing perspective, why they are
> > being made, to compete with DJB's security claims on qmail, and
> > Wietse's claims on separation of operation on performance (both
> > claims are bogus, but it's complicated to explain to potential
> > customers why that's the case).
> 
> We are not making changes "from a marketing perspective".
> 
> If you are referring to the separation of sendmail into MTA and
> MSP: this was necessary to get rid of sendmail being set-user-ID
> root, which is a security risk (as you will probably agree, this
> isn't marketing, this is real, e.g., sendmail was abused in some
> cases to exploit bugs in the OS).

Nope. I don't agree.  I think the change makes things harder, and
I don't see a difference in the volume of security advisories (e.g.
not a lot of advisories warning about people being able to obtain
the "$MAILUSER" identity through some buffer overflow, rather than
"root").

At one point, sendmail was getting a lot of crap in the trade press
over running suid root... but, IMO, that's all it was: crap.  It was
just a hook that people could hang marketing arguments against
sendmail on, to FUD people into using a different product.  Any
reaction to FUD is a marketing reaction, unless there's provable
technical merit in the decision.

And one result is a FreeBSD where it's harder to pull sendmail out
and replace it (also a marketing win, from a sendmail perspective).
Personally, I use sendmail, so yanking it out is not high on my list
of things to do, but it's now harder to have base mail functionality
without parts of sendmail sticking around.

-- Terry

