Sendmail vulnerability

Archaic archaic at linuxfromscratch.org
Fri Mar 31 15:44:00 PST 2006


On Thu, Mar 30, 2006 at 11:15:49AM -0600, Bruce Dubbs wrote:
> 
> No, not really.  It has been quite stable the last five years or so.

Stable != secure. Sendmail's vulnerability history followed it into this
millenium. Granted, it has slow down of late. But what irks me the most
about sendmail is that once a vuln is found there is generally a dance
of 1-2 more vulns directly related to the "fix" of the first one. Add to
that its poor ideas on queue flushing methods and you have a recipe for
trouble as is witnessed everytime we have to shut down sendmail for some
reason, even if momentarily. Some of us are forced to use it, and some
actually like it.

I don't know which group I pity more. ;)  <- NOTE: Shameless jab at
Bruce (in jest, of course). :D

-- 
Archaic

Want control, education, and security from your operating system?
Hardened Linux From Scratch
http://www.linuxfromscratch.org/hlfs




More information about the lfs-security mailing list