Author: Mustapha Mahfouz Date: To: Greg A. Woods CC: Mustapha Mahfouz, exim-users Subject: Re: [Exim] Does Exim have security problems?
Hello,
On Mon, 28 Aug 2000, Greg A. Woods spoke,
> I wish only to point out an apparently major contradiction in what you
> say and what you quote to support your claim:
I did not "make any claims" as you suggest, I was interested in clarifying
what I have heard about Exim.
<snip>
> > Although I suspect that the above problems are corrected in the latest
> > exim, statements like the above and criticisms from my fellow colleagues
> > about exim's security have made me a bit worried I must admit.
>
> Would your colleagues say the same thing about sendmail (or Smail)?
Actually, as we all know, sendmail has an extremely poor record on security,
with root escapades being reported by CERT alarmingly regularly.
> What about commercial mailers that are in effect also monolithic
> designs?
Well, doesn't the popularity of exim, qmail, postfix, even sendmail (still 70%
of the inet), say enough about the quality of the commercial MTAs?
> Meanwhile despite the existence of Smail, Exim, Zmailer, Qmail, Postfix,
> and perhaps others, each of which had security as a primary design goal,
> most of the world still runs sendmail, and a large percentage of that
> crowd still run versions of sendmail that have known vulnerabilities!
I know, which is what makes the whole thing alarming indeed. I mean any
newbie hacker can get root access using sendmail. Why so many sysadmins
don't upgrade sendmail or choose a safer MTA has puzzled me for a long
time.
> As Phil Pennock has already said, Exim, like Smail before it (from which
> it borrows many design ideas), was written from the ground up with great
> attention to the programming details
Yes, but it seems that D. J. Bernstein criticised the design of exim, in the
original message that I quoted.
> Note also that security by compartmentalisation can be easily achieved
> by other ways than just by splitting a large and complex program into
> many intertwined daemons. For example you could run your external
> mailer on a host that is not trusted by any other trusted host to do
> anything but deliver e-mail and perform DNS queries. Provided that you
> also have a secure logging host, some form of intrusion detection, and
> a well tested recovery procedure this kind of setup will perhaps be even
> more secure than you could achieve by running a mailer like Postfix or
> Qmail on an otherwise more trusted machine.
Thank you for this information. I would like to think about the practical
implications of such a setup though.