Re: [Exim] Does Exim have security problems?

Author: Jeffrey Goldberg
Date:  
CC: exim-users
Subject: Re: [Exim] Does Exim have security problems?
On Mon, 28 Aug 2000, Mustapha Mahfouz wrote:

> I have been hearing good things about exim of late such as its speed, and
> ease of configurability, however I have also seen exim being criticised a
> lot on various security forums about its low(?) security.


I find that surprising. Exim's design model with respect to processes and
general coding appear very well thought out with respect to security. I
also have never heard of an exploit against exim. Could you give
references to the forums?

> Could you please clarify the following problems whether they are
> significant, I personally don't like sendmail, or that > 1000 page book
> about configuring it and I would like to get away from it to a
> another MTA ASAP.


I don't know about sendmail nowadays, but one of the reasons that I
switched to running exim a few years back where I used to work was because
exim was better with security. sendmail was designed in the good old days
when everybody trusted root from other hosts. Exim was initiated far more
recently, and so is less trusting from the ground up.

> 1. Exim has a monolithic design like sendmail (which is the root cause of
> all the security bugs we hear about sendmail), unlike MTAs like qmail and
> postfix. Will this compromise the machine it's run under?


Modularity and trust only work well if you actually can enforce a trust
policy in what you allow modules to do. Look at Apache to see how
difficult that is to do.

But exim isn't really monolithic in the way that sendmail is, because exim
doesn't have a "master process" doing everything. Exim's process model is
different and requires exim processes running as root in far fewer
circumstances.

> 2. I have read the exim root exploit in version 1.62, which says in a
> summary that exim 1.62 let any local user obtain root privileges.


Version 1.62 is very old.

> Also I have read the post where DJ Bernstein says


Someone else has already said that the fact that the author of exim doesn't
go around boasting of the security of exim or trashing the alternatives
says more about the characters of the respective authors than it does
about the software.

> "Motivation: Thomas Ptacek posted a summary of exim's security problems
> in April [...]"


Can someone track that down? Maybe it should be reposted here (was it
originally) and looked at. And April what year? I am sure that people
here will give it an honest treatment. Indeed, it is exactly the people
on this list who want exim to be secure against attack and abuse.

> When at a gathering of admins a few days ago, I mentioned that I am
> thinking of moving to exim (sendmail is getting very slow on my machine,
> and I am worried about its security) I got laughed at by almost everyone,
> most of them are running Qmail, and they said that if I am more concerned
> about security I'd better install qmail, or leave sendmail instead of
> installing exim as "qmail is well designed, and has a superb security
> design that addresses sendmail's security issues blah blah", also some stuff
> was mentioned about a 1000$ unclaimed reward for anyone that cracks qmail.


That strikes me as peculiar behavior. Many people switched from sendmail
to exim because of security issues among others. But it appears that in
the qmail circles there is a widespread belief of security problems with
exim. I suspect that that is mostly rumour based on very out-of-date
innuendo and some hype. But like most such things, there is often some
grain of something somewhere that should be looked at. I'm sure that
people here will look at it in good faith.

-j

--
Jeffrey Goldberg
I have recently moved, see http://www.goldmark.org/jeff/contact.html
Relativism is the triumph of authority over truth, convention over justice