[H-GEN] Sendmail and open relay
Robert Brockway
robert at timetraveller.org
Mon Jul 28 00:12:10 EDT 2003
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
On Mon, 28 Jul 2003, Harry Phillips wrote:
> They *all* have security bugs/problems. The only difference is that the
> ones after 8.12.9 have patched the *known* problems.
Theoretically all software could have security issues in it, but there is
currently no reason to assume sendmail has any more than any other piece
of software (per lines of code).
A few months ago some very obscure security issues were located in
sendmail. These had been around for sometime without anyone discovering
them. They were very hard to locate, and in fact were only found when the
sendmail source was subjected to a formal security audit. Quite a few
pieces of important Internet software has been undergoing this treatment
of late.
I find the results of the sendmail code audit very heartening - if the
only exploits they found were so obscure that no 'l33t hax0r[1] had ever
found them then it looks like all the bad ones have been cleaned up (of
course future patches will no doubt change this situation, but that is
true of all software).
[1] elite hacker for those of us who still speak English.
Rob
--
Robert Brockway B.Sc. email: robert at timetraveller.org ICQ: 104781119
Linux counter project ID #16440 (http://counter.li.org)
"The earth is but one country and mankind its citizens" -Baha'u'llah
--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'. See http://www.humbug.org.au/
More information about the General
mailing list