We need a new subject- bug fixes

Les Mikesell lesmikesell at gmail.com
Mon Mar 5 14:12:08 UTC 2007


Scott van Looy wrote:
>>
>>> It is trivially easy to uncomment a line
>>> and configure sendmail to connect to external ports.
>>
>> Sorry, Rahul, I have to disagree with you there.
>> It is not trivially easy for normal human beings
>> to change anything in sendmail.
> 
> I managed, and I'm normal.
> 
> How many windows boxes are currently sending mail quite happily to you 
> as spam? And you think sendmail should be allowed to do the same?

Beg your pardon?  First, the windows exploits tend to install their own 
mail sender which has nothing to do with this situation, and second, 
sendmail is already allowed to send everywhere in the default setup.

> People who can't work a computer shouldn't be allowed to work one. 
> People who can't work Linux shouldn't be allowed to use it. Just like 
> people who don't know how to drive a car shouldn't be allowed to use 
> one. Not until they've been taught, right?

We aren't talking about using a computer or car, we are talking about 
configuring it.  This is like delivering a car with the brake lines in 
the back seat and claiming that you will be a better driver if you 
muddle through bolting some parts on yourself and getting the air out of 
the brake fluid.  My opinion is that such things are better handled by 
the experts that have some experience.

> But this is the real world, innit?
> 
> Sendmail has been exploited in the past. It's quite well known for 
> having been exploited lots in the past.

As has the kernel, sshd, named, and just about everything else. What's 
your point here?  Bugs get fixed and we move on.  If you remember all of 
those things sendmail used to be criticized for - they've all been fixed.

> And it's not just a user's
> machine that gets compromised, it causes huge problems when a MTA is 
> compromised and used as an open relay for instance.

The access file keeps sendmail from being an open relay - and has for 
quite a long time.  It is much easier to understand than sendmail.mc or 
sendmail.cf.

> So no, in my humble 
> opinion, as a fedora user, I'd say yes, I prefer that it's not running 
> on external ports by default.

Nobody says it should run that way by default or without the user 
knowing it - just that a distribution should not make a user edit a 
config file directly to undo a change that they won't find mentioned 
anywhere in the upstream application's documentation or examples. Or 
even in the distribution's own documentation outside of the config file 
itself.

> Because if an exploit is discovered then 
> the people actually running sendmail externally will be aware that they 
> are and can fix/patch it.

Absolutely not!  The way people using a distribution get updates is with 
'yum update' or the equivalent.  Otherwise, only experts will have 
anything updated. And the config files should be constructed such that 
most local changes are merged from /etc/sysconfig and thus updated 
files in an RPM can replace the previous unmodified copies.

> Remember the problems with RPC and windows being exploited? And the ones 
> with remote P&P and the remote registry hacks? All services running on 
> windows boxes that were unknown to the average user...

What does this have to do with a standard well documented service and 
the complaint that it can't be activated without modifying a config file 
that most people won't understand - and are likely to get wrong?

-- 
   Les Mikesell
    lesmikesell at gmail.com



