Re: We need a new subject- bug fixes
- From: Les Mikesell <lesmikesell@xxxxxxxxx>
- Date: Mon, 05 Mar 2007 08:12:08 -0600
Scott van Looy wrote:
It is trivially easy to uncomment a line
and configure sendmail to connect to external ports.
Sorry, Rahul, I have to disagree with you there.
It is not trivially easy for normal human beings
to change anything in sendmail.
I managed, and I'm normal.
How many Windows boxes are currently sending mail quite happily to you as spam? And you think sendmail should be allowed to do the same?
Beg your pardon? First, the Windows exploits tend to install their own mail sender which has nothing to do with this situation, and second, sendmail is already allowed to send everywhere in the default setup.
People who can't work a computer shouldn't be allowed to work one. People who can't work Linux shouldn't be allowed to use it. Just like people who don't know how to drive a car shouldn't be allowed to use one. Not until they've been taught, right?
We aren't talking about using a computer or car, we are talking about configuring it. This is like delivering a car with the brake lines in the back seat and claiming that you will be a better driver if you muddle through bolting some parts on yourself and getting the air out of the brake fluid. My opinion is that such things are better handled by the experts that have some experience.
But this is the real world, innit?
Sendmail has been exploited in the past. It's quite well known for having been exploited lots in the past.
As has the kernel, sshd, named, and just about everything else. What's your point here? Bugs get fixed and we move on. If you remember all of those things sendmail used to be criticized for - they've all been fixed.
And it's not just a user's machine that gets compromised, it causes huge problems when an MTA is compromised and used as an open relay for instance.
The access file keeps sendmail from being an open relay - and has for quite a long time. It is much easier to understand than sendmail.mc or sendmail.cf.
So no, in my humble opinion, as a Fedora user, I'd say yes, I prefer that it's not running on external ports by default.
Nobody says it should run that way by default or without the user knowing it - just that a distribution should not make a user edit a config file directly to undo a change that they won't find mentioned anywhere in the upstream application's documentation or examples. Or even in the distribution's own documentation outside of the config file itself.
Because if an exploit is discovered then the people actually running sendmail externally will be aware that they are and can fix/patch it.
Absolutely not! The way people using a distribution get updates is with 'yum update' or the equivalent. Otherwise, only experts will have anything updated. And the config files should be constructed such that most local changes are merged from /etc/sysconfig and thus updated files in an RPM can replace the previous unmodified copies.
Remember the problems with RPC and Windows being exploited? And the ones with remote P&P and the remote registry hacks? All services running on Windows boxes that were unknown to the average user...
What does this have to do with a standard well documented service and the complaint that it can't be activated without modifying a config file that most people won't understand - and are likely to get wrong?
--
Les Mikesell
lesmikesell@xxxxxxxxx
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list