Re: [Exim] Does Exim have security problems?

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Mustapha Mahfouz
Dátum:  
Címzett: Greg A. Woods
CC: Mustapha Mahfouz, exim-users
Tárgy: Re: [Exim] Does Exim have security problems?
Hello,

On Mon, 28 Aug 2000, Greg A. Woods spoke,

> I wish only to point out an apparently major contradiction in what you
> say and what you quote to support your claim:


I did not "make any claims" as you suggest, I was interested in clarifying
what I have heard about Exim.

<snip>
> > Although I suspect that the above problems are corrected in the latest
> > exim, statements like the above and criticisms from my fellow collegues
> > about exims security have made a bit worried I must admit.
>
> Would your colleagues say the same thing about sendmail (or Smail)?


Actually as we all know sendmail has a extremely poor record to security,
with root escapades being reported by CERT alarmingly regurlarly.

> What about commercial mailers that are in effect also monolithic
> designs?


Well doesn't the fact that exim, qmail, postfix, even sendmails (still 70%
of the inet), popularity say enough about the quality of the commercial
MTA's.

> Meanwhile despite the existance of Smail, Exim, Zmailer, Qmail, Postfix,
> and perhaps others, each of which had security as a primary design goal,
> most of the world still runs sendmail, and a large percentage of that
> crowd still run versions of sendmail that have known vulnerabilities!


I know, which is what makes the whole thing alarming indeed. I mean any
newbie hacker can get root acesss using sendmail. Why so many sysadmins
don't upgrade sendmail or choose a safer MTA has puzzled me for a long
time.

> As Phil Pennock has already said, Exim, like Smail before it (from which
> it borrows many design ideas), was written from the ground up with great
> attention to the programming details


Yes, but it seems that DJ barnstein criticised the design of exim, in the
original message that I quoted.


> Note also that security by compartmentalisation can be easily achieved
> by other ways than just by splitting a large and complex program into
> many intertwined daemons. For example you could run your external
> mailer on a host that is not trusted by any other trusted host to do
> anything but deliver e-mail and perform DNS queries. Provided that you
> also have a secure logging host, some form of intrusion detection, and
> a well tested recovery procedure this kind of setup will perhaps be even
> more secure than you could achive by running a mailer like Postfix or
> Qmail on an otherwise more trusted machine.


Thank you for this information. I would like to think about the practical
implecations of such a setup though.

May Allah bless everone,
Mustapha Mahfouz