Re: [Exim] Does Exim have security problems?

Author: Marilyn Davis
Date:  
To: exim-users
Subject: Re: [Exim] Does Exim have security problems?
Pardon my twisted mind, but I can't help thinking that the original
post was there to pull our chains, or maybe Philip's. Someone
jealous, maybe.

The return address doesn't work.

In April of 1998, when my mailserver was attacked with gusto and with
impressive resources and intelligence (because we ran the online
version of "La Consulta" -- a Zapatista, i.e., rebel-sponsored vote in
Mexico), I went looking for help in several technical email lists, I
can't remember which now. But I was *only* told to install exim for
security, no one suggested anything else. They gave me some things to
do in real time with sendmail, which we were running at the time,
but the big advice was to switch to exim.

Being as busy as anyone, I certainly would not have switched if the
advice was anything but overwhelming and unanimous.

So, I think that the original email was from far left field and about
something else and here we are running internet nodes. It has nothing
to do with our reality.

Marilyn Davis, Ph.D.
eVote(R) - online polling software for email lists
http://www.deliberate.com 
marilyn@???    
+1 650 965-7121  (USA)








On Mon, 28 Aug 2000, Greg A. Woods wrote:

> I wish only to point out an apparently major contradiction in what you
> say and what you quote to support your claim:
>
> [ On Monday, August 28, 2000 at 06:34:59 (+0600), Mustapha Mahfouz wrote: ]
> > Subject: [Exim] Does Exim have security problems?
> >
> > 1. Exim has a monolithic design like sendmail (which is the root cause of
> > all the security bugs we hear about sendmail), unlike MTAs like qmail and
> > postfix. Will this compromise the machine it's run under?
> >
> >[[....]]
> >
> > Also I
> > have read the post where DJ Bernstein says
> >
> > "Motivation: Thomas Ptacek posted a summary of exim's security problems
> > in April. Fixing those problems should have been the top priority of
> > exim's author, Philip Hazel. Unfortunately, Hazel has chosen to spend
> > his time in other ways---for example, in claiming that exim doesn't have
> > much privileged code. He's cleaned up a few problems, but the changes
> > still haven't made it out of testing."
> >
> > "Meanwhile, sysadmins seem to be unaware of how dangerous it is for them
> > to run exim. The last straw for me was a posting by one of those
> > sysadmins last Thursday. Wake up, people: there's nothing here that
> > intruders don't know how to do."
> >
> > Although I suspect that the above problems are corrected in the latest
> > exim, statements like the above and criticisms from my fellow colleagues
> > about exim's security have made me a bit worried I must admit.
>
> Would your colleagues say the same thing about sendmail (or Smail)?
> What about commercial mailers that are in effect also monolithic
> designs?
>
> Meanwhile despite the existence of Smail, Exim, Zmailer, Qmail, Postfix,
> and perhaps others, each of which had security as a primary design goal,
> most of the world still runs sendmail, and a large percentage of that
> crowd still run versions of sendmail that have known vulnerabilities!
>
> As Phil Pennock has already said, Exim, like Smail before it (from which
> it borrows many design ideas), was written from the ground up with great
> attention to the programming details that have caused sendmail to be
> repeatedly compromised right from the very first demonstration of an
> automated attack against it by the Internet worm in the late 1980's.
> (Smail-3 was written partly in response to the perceptions of problems
> in Sendmail's security and by the time the worm hit it was clear that
> the designers had made the correct design decisions.)
>
> Note also that security by compartmentalisation can be easily achieved
> by other ways than just by splitting a large and complex program into
> many intertwined daemons. For example you could run your external
> mailer on a host that is not trusted by any other trusted host to do
> anything but deliver e-mail and perform DNS queries. Provided that you
> also have a secure logging host, some form of intrusion detection, and
> a well tested recovery procedure this kind of setup will perhaps be even
> more secure than you could achieve by running a mailer like Postfix or
> Qmail on an otherwise more trusted machine.
>
> -- 
>                             Greg A. Woods
>
> +1 416 218-0098      VE3TCP      <gwoods@???>      <robohack!woods>
> Planix, Inc. <woods@???>; Secrets of the Weird <woods@???>