[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Why were all DJB's ports removed? No more qmail?



On Tuesday, August 28, "D. J. Bernstein" wrote:
> http://cr.yp.to/maildisasters/postfix.html simply reports the facts.

Postfix is not in the base system.  What other software authors do I
can certainly not comment on.


> Some of the facts are continuing events: the Postfix author never
> 
>    * posted an alert about this security problem, or
>    * apologized for exposing his users to selective mail destruction, or
>    * apologized for his false and misleading statements, or
>    * took responsibility for his mistakes, or

Mistakes in who's eyes.  If the user of a software tool assumes his/her
usage of a package shows a major deficit in the too, and brings that to
your attention, would you fix it?  Would you take responsibility for that
problem?

>    * offered cash rewards for security holes.

This makes so many software systems out there so much less credible.
(Yes, for the uninitiated, that was pure sarcasm)


> Postfix proponents who claim that my page is ``out of date'' are really
> trying to say that users should ignore the historical facts. This is a
> common argument from people who don't really care about security.

Not ignore history, no.  History is a good thing to remember.  However,
it is also good to look towards the future, and remember to prepare for
it by changing both code and practices to survive...


> If you've been fooled into using Sendmail, for example, and you're now
> asking crucial questions such as
> 
>    How exactly did OpenBSD ``audit'' Sendmail? How did this latest
>    security hole slip past the ``audit''? What structures and procedures
>    could have been put into place to prevent this disaster? For example,
>    shouldn't large setuid programs be banned?

Sure, why not.  However, there are a number of reasons why it likely will
not happen any time soon.

1) Sendmail is the traditional MTA on bsd systems.  Just like init being
the traditional first process.  You're not going to see that change any
time soon.

2) I've yet to see a viable alternative that drops into sendmails place,
will take the appropriate *.cf files, and generally do exactly what
sendmail does.  Oh, and if you think that you can get around this
requirement, please look at the URL you posted (case studies) on the
other message.  Changing the interface of software (or moving it) is
quite *evil* in your words...


> you'll get non-answers like ``I can't believe you're attacking OpenBSD''
> or ``Don't worry about it! The bug is fixed now. OpenBSD is secure!''

Attack it all you like.  There are flaws, bugs, and outright errors in any
big system.  Thinking otherwise is foolish at best...

--Toby.