Re: linux box compromised: advice needed

From: Nico Kadel-Garcia (nkadel@bellatlantic.net)
Date: 03/27/02 

From: "Nico Kadel-Garcia" <nkadel@bellatlantic.net>
Date: Wed, 27 Mar 2002 19:22:34 GMT

"Tim Haynes" <usenet@stirfried.vegetable.org.uk> wrote in message
news:864rj2hx2e.fsf@potato.vegetable.org.uk...
> "Nico Kadel-Garcia" <nkadel@bellatlantic.net> writes:
>
> [snip]
> >> No it's not. FFS, past performance is no indicator of future. Simple
> >> "number of root exploits" is what anti-sendmail pillocks use, and a big
> >> stinkin' 0 from qmail does NOT prove it's any more secure.
> >
> > Umm. No. Sendmail has a long and glorious history of local and remote
> > exploits,
>
> I *know* what the history is like. Now show me the unpatched remote-root
> holes in the *current* version? Right, see.

Can't: don't have time to dig into it. But if you can't reasonably judge the
future based on the past, then you and I can't be sure the sun will rise
tomorrow, or that cigarettes won't kill a lot of people....

> > Also, because
> > sendmail.cf management is such a stunningly black art due to the
> > now-extremely-strange two character command sets and so many decades of
> > stapling new features onto it, it's very painful to upgrade.
>
> I don't see any problems with that. Preserve sendmail.cf between versions;
> simple.

Bwa-ha-ha! Giggle. *Snort*. Sendmail.cf has had so many incompatible changes
between versions, especially in the use of new features until they
stabilize, it doesn't work.

> > It's even more painful to security review, because people have very
> > carelessly slapped in new features on occasion without really
> > understanding what other, extremely clever people have done and how to
> > integrate it.
> >
> > Look at the code: it shows the signs.
>
> Of course.

And you're telling me that this code has no new root exploits because we
haven't found them yet?

>
> > qmail, on the other hand, is much lighter weight: by segmenting off
> > distinct tasks and only running a very small set of them as root, it's
> > much easier to security review and control. And it has been built from
> > the ground up with features like relay control and authentication in
> > mind, which sendmail had stapled in after the fact.
>
> "After the fact"? Relaying and auth have been in sendmail for a very long
> time by my standards.

Youngun. Unfortunately, the code is old even by *my* standards. And decent
*control* of relaying is relatively new.

> >> Ultimately I don't care if my MTA has up to ~5 or so separate security
> >> incidents in a year as long as they're all fixed in a
reasonable -quick-
> >> turnaround time, because I'd *far* rather have a fixed bug, know about
> >> it, and be done, than be told "it's more secure" with NO REAL DATA.
> >
> > You should care, because fixing sendmail is extremely painful for most
of
> > us due to the sendmail.cf guru-level expertise requiried for revision
> > updates.
>
> If you don't know what you're doing with it, what are you doing running
it?

I do. They may have some idea, but not enough to trivially re-install or
upgrade 5 times a year.

> > Or people with older RedHat versions who refuse to allow an update
> > because "it's working fine"? Heck, I just applied for a job at a place
> > that refuses to update their RedHat 4.2 print server for no reason I can
> > ascertain....
>
> I don't consider this a responsible attitude. However it doesn't mean
> there's anything wrong with using the sendmail package as an MTA, let
alone
> that everyone should drop their pants and move straight over to qmail, of
> all things!
>
> Thanks for proving the point,
>
> ~Tim

Which point, Tim? I've rejected your claims that sendmail is secure and
reliable, and given explanations from my experience and reasoning why it
frequently is so insecure, reasons that don't apply to qmail. Run right out
and swap over? No, it's expensive and you may lose features you want. But
consider it potentially superior? Certainly!

Relevant Pages

  • Re: linux box compromised: advice needed
    ... terrible history of screwing up security in the name of enabling "features" ... sendmail was the only solid option for UNIX. ... and given explanations from my experience and reasoning why it ... reasons that don't apply to qmail. ...
    (comp.os.linux.security)
  • Re: linux box compromised: advice needed
    ... >> stinkin' 0 from qmail does NOT prove it's any more secure. ... No. Sendmail has a long and glorious history of local and remote ... > stapling new features onto it, it's very painful to upgrade. ...
    (comp.os.linux.security)
  • Re: linux box compromised: advice needed
    ... >> stapling new features onto it, ... And the m4 macros, unfortunately, are not sendmail. ... >> security review and control. ... > And that's why SMTP-Auth and STARTTLS for qmail are third-party patches ...
    (comp.os.linux.security)
  • Re: Setting up a secure mail server
    ... Oups I meant Sendmail and not OpenBSD. ... The same could happen with Qmail or any other ... installation procedure of all this is quite ugly. ... That could be a reason yes... ...
    (comp.unix.bsd.openbsd.misc)
  • Qmail to Sendmail migration => life without qmail :-)
    ... This howto assumes that you have compiled and makeinstalled sendmail, ... Qmail is an MTA which uses specific form of database containing ... Now, user aliases are kept in domain directory, e.g. /MAIN/domainX.com/ ... Site-wide aliases and virtualusers are kept ...
    (comp.mail.sendmail)