We need a new subject- bug fixes

Scott van Looy scott at ethosuk.org.uk
Mon Mar 5 11:16:25 UTC 2007


Today Timothy Murphy did spake thusly:

> Rahul Sundaram wrote:
>
>> It is trivially easy to uncomment a line
>> and configure sendmail to connect to external ports.
>
> Sorry, Rahul, I have to disagree with you there.
> It is not trivially easy for normal human beings
> to change anything in sendmail.

I managed, and I'm normal.

How many windows boxes are currently sending mail quite happily to you as 
spam? And you think sendmail should be allowed to do the same?

People who can't work a computer shouldn't be allowed to work one. People 
who can't work Linux shouldn't be allowed to use it. Just like people who 
don't know how to drive a car shouldn't be allowed to use one. Not until 
they've been taught, right?

But this is the real world, innit?

Sendmail has been exploited in the past. It's quite well known for having 
been exploited lots in the past. And it's not just a user's machine that 
gets compromised, it causes huge problems when a MTA is compromised and 
used as an open relay for instance. So no, in my humble opinion, as a 
fedora user, I'd say yes, I prefer that it's not running on external ports 
by default. Because if an exploit is discovered then the people actually 
running sendmail externally will be aware that they are and can fix/patch 
it.

Remember the problems with RPC and windows being exploited? And the ones 
with remote P&P and the remote registry hacks? All services running on 
windows boxes that were unknown to the average user...

-- 
Scott van Looy - email:me at ethosuk.org.uk | web:www.ethosuk.org.uk
site:www.freakcity.net - the in place for outcasts since 2003
PGP Fingerprint: 7180 5543 C6C4 747B 7E74  802C 7CF9 E526 44D9 D4A7
       -------------------------------------------
       |/// /// /// /// WIDE LOAD /// /// /// ///|
       -------------------------------------------

Any circuit design must contain at least one part which is obsolete, two parts
which are unobtainable, and three parts which are still under development.




More information about the fedora-list mailing list