Re: linux box compromised: advice needed
From: Heinz Ekker (hekker-usenet@hoppa.la) Date: 03/29/02
From: Heinz Ekker <hekker-usenet@hoppa.la> Date: 29 Mar 2002 00:29:02 GMT
Nico Kadel-Garcia <nkadel@bellatlantic.net> wrote:
> because sendmail.cf management is such a stunningly black art due to the
> now-extremely-strange two character command sets and so many decades of
> stapling new features onto it, it's very painful to upgrade. It's even more
> painful to security review, because people have very carelessly slapped in
> new features on occasion without really understanding what other, extremely
> clever people have done and how to integrate it.
That's exactly why sane people never touch sendmail.cf directly, but use
the m4 macros instead. So far I have never had problems 'compiling' a .mc for
a new version of sendmail when upgrading. I dare say that compiling a
human readable configuration file once into a machine parseable format has
some performance advantages in the right environment.
> qmail, on the other hand, is much lighter weight: by segmenting off distinct
> tasks and only running a very small set of them as root, it's much easier to
> security review and control.
This approach may have security advantages, but it brings with it
performance penalties. As a system administrator, I don't like it - many
components, interdependent on each other and interacting in strange ways
- nah.
But that's a *preference*, not a technical argument, and I'm well aware
of that.
> And it has been built from the ground up with
> features like relay control and authentication in mind, which sendmail had
> stapled in after the fact.
And that's why SMTP-Auth and STARTTLS for qmail are third-party patches
with no security guarantee at all?
With the amount of features, the risk of introducing security holes
rises. Sendmail was stable and without compromise for a while, until the
great rewrite and feature-additions started with 8.10.
In any modern mail system I need features which qmail simply does not
provide, but other MTAs do. For qmail to meet my expectations I'd need a
whole lot of patches and additional software, and all of a sudden the
security guarantee is void. So qmail is just another MTA, and has its
risks like any other piece of software.
he