|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: qmail, from bugtraq
From: D. J. Bernstein (djb
cr.yp.to)Date: Fri Feb 04 2000 - 03:24:02 CST
- Next message: Wietse Venema: "Re: qmail, from bugtraq"
- Previous message: Matthias Andree: "Re: Postfix and Fetchmail"
- Next in thread: Wietse Venema: "Re: qmail, from bugtraq"
- Reply: Wietse Venema: "Re: qmail, from bugtraq"
- Reply: Marek Habersack: "Re: qmail, from bugtraq"
- Reply: Matthias Andree: "Re: qmail, from bugtraq"
- Reply: Dylan Griffiths: "Re: qmail, from bugtraq"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
http://cr.yp.to/qmail/guarantee.html
http://cr.yp.to/qmail/venema.html
http://cr.yp.to/maildisasters/postfix.html
Wietse Venema writes:
> I installed qmail as per author instructions and ran my machines
> out of swap with a trivial exploit.
That's because you neglected to use the tools that your system provides
to allocate your resources.
The crucial fact that you're failing to mention is that attackers can
chew up all the memory on such systems BEFORE qmail is installed. It's
rather idiotic to blame qmail for a problem that existed before qmail
was installed.
Of course, as a fraudulent marketing stunt, you carefully wrote _your_
attack programs so that they would only work after qmail was installed.
But security is defined by what _can_ be done, not by what _you_ did.
---Dan
- Next message: Wietse Venema: "Re: qmail, from bugtraq"
- Previous message: Matthias Andree: "Re: Postfix and Fetchmail"
- Next in thread: Wietse Venema: "Re: qmail, from bugtraq"
- Reply: Wietse Venema: "Re: qmail, from bugtraq"
- Reply: Marek Habersack: "Re: qmail, from bugtraq"
- Reply: Matthias Andree: "Re: qmail, from bugtraq"
- Reply: Dylan Griffiths: "Re: qmail, from bugtraq"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]