Re: We need a new subject- bug fixes

Today Les Mikesell did spake thusly:

Absolutely not! The way people using a distribution get updates is with 'yum update' or the equivalent. Otherwise, only experts will have anything updated. And the config files should be constructed such that most local changes are merged from /etc/sysconfig and thus updated files in an RPM can replace the previous unmodified copies.

so if an exploit is discovered we should just sit back and be hacked until someone else fixes it for us? That's just plain lazy

Remember the problems with RPC and windows being exploited? And the ones with remote P&P and the remote registry hacks? All services running on windows boxes that were unknown to the average user...

What does this have to do with a standard well documented service and the complaint that it can't be activated without modifying a config file that most people won't understand - and are likely to get wrong.

You _uncomment a single line_ which is immensely well documented inside the file itself. Most people understand that when using linux and wanting things to work one has to modify the config files...

dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl


Sendmail is installed by default, you seem to want to have it able to connect to the internet by default too, I'd say this isn't what most users will require of it, indeed, many users don't even bother with sendmail. Therefore it shouldn't be the default. Or people will get exploited. Because we aim, by default, to have few open ports.

The point of security is to have as few ways to compromise a system available by default as possible. It makes sense to have a feature not available by default that isn't going to be needed by the majority of users, no?

--
Scott van Looy - email:me@xxxxxxxxxxxxxx | web:www.ethosuk.org.uk
site:www.freakcity.net - the in place for outcasts since 2003
PGP Fingerprint: 7180 5543 C6C4 747B 7E74 802C 7CF9 E526 44D9 D4A7
-------------------------------------------
|/// /// /// /// WIDE LOAD /// /// /// ///|
-------------------------------------------

Neglect of duty does not cease, by repetition, to be neglect of duty.
-- Napoleon

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

Relevant Pages

  • RE: Sendmail/Postfix to act as the main exchanger but forwardallemailto Exchange! Any proven results
    ... Again Sendmail not forwarding to Exchange... ... Here are the config files, can anyone spot something that may be hosing ... dnl # This is the sendmail macro config file for m4. ...
    (RedHat)
  • Re: still more sendmail trouble
    ... all of those are set as you suggested, here are my config files to see ... dnl NOTE: This can allow sites to use your server as a backup MX ... dnl DNS based black hole lists come and go on a regular basis ... This means that the `submit' sendmail daemon is running properly on ...
    (freebsd-questions)
  • RE: Running own mail server
    ... It is compatible meaning that it interacts with sendmail very well. ... I started using postfix over 3 years ago, ... and when I started I went from being able to install a mail server ... having run screaming from sendmail config files ...
    (Fedora)
  • Re: Mail forwarding is bypassing MX record and going straight to local server?
    ... and correctly forwarding email to the server that the MX record ... least look at config files (e.g. sendmail.cf, resolv.conf, nsswitch.conf ... Sendmail does not ignore MX records. ...
    (comp.mail.sendmail)
  • Re: Running own mail server
    ... but Postfix's config files ... Only true for those that might not take the time to understand it, just like anything else, sendmail has far more options so therefor must be far more complex to understand. ... However my sendmail list servers do lists with almost 2000 users typically all delivered in well under a minute which as I've seen ... on postfix boxes is no faster, in fact I'd bet on sendmail to finish delivering before postfix 8/10 times (cant always judge because of slow remote sites like hotmail, sometimes they compelte the smtp session faster than you can blink, other times it can take minutes to complete. ...
    (Fedora)