Subject: Re: qmail, from bugtraq
From: Marek Habersack (grendelvip.net.pl)
Date: Fri Feb 04 2000 - 11:22:24 CST


* Richard J. Sexton said:

> >> Wietse Venema writes:
> >> > I installed qmail as per author instructions and ran my machines
> >> > out of swap with a trivial exploit.
> >>
> >> That's because you neglected to use the tools that your system provides
> >> to allocate your resources.
> >This can be reversed. If a program claims to be secure, it should use all
>
> Look on the bright side. Both mail programs are infinitely more
> secure than BIND. There's a tiny Perl script that if run
> the right way will turn *any* nameserver running any version
> of BIND off. The fact that nobody has done this to the legacy
> root and com nameservers is a minor miracle.
All of this is true, but look at how many computers you are likely to find
bind running on, and on how many you are likely to find (any) MTA. The scale of
the problem in the case of MTAs is much larger. It is, sadly, true that most
Unix daemons effectively ignore the possibility to set/check the system
resource limits on their own, or at the least, to provide the administrator
with an easy way of setting them. If you don't have that option in your
daemon you have to use a wrapper which does that, or a shell script
interpreted by a shell that has commands to manipulate the resource limits.
Even if you have the necessary tools, you must know what the average demands
of the software are so that you don't set the limits too low and then hunt to
check whether it caused any problems or not - this is not very convenient
with systems that have to be up and running ASAP. On the other hand, the
author of the software has all the knowledge, the intimate knowledge of his
software, that is necessary to give estimates of such resource limits.
That's IMHO, of course.

marek
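The approach Marek describes, a daemon that sets and checks its own resource limits at startup instead of leaving it to a wrapper, as an added example that is not part of this thread and not code from qmail, Postfix, or any other MTA. The ceilings used (512 MiB of address space, 32 descriptors, no core dumps) are assumed values for a small single-purpose service; the two probe functions exist only so the effect of the limits can be observed.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <unistd.h>

/* Set one soft limit to `want`, clamped to the current hard limit: an
 * unprivileged process may lower or raise its soft limit freely, but never
 * above the hard limit. The hard limit is left alone, so a ceiling the
 * operator set with ulimit -H or a wrapper script still wins.
 * Returns 0 on success, -1 with errno set. */
static int set_soft_limit(int resource, rlim_t want)
{
    struct rlimit rl;
    if (getrlimit(resource, &rl) != 0)
        return -1;
    if (rl.rlim_max != RLIM_INFINITY && want > rl.rlim_max)
        want = rl.rlim_max;
    rl.rlim_cur = want;
    return setrlimit(resource, &rl);
}

/* Apply the daemon's own ceilings to the calling process. Call this before
 * the first fork so every worker inherits them. Returns 0 or -1. */
int apply_daemon_limits(rlim_t address_space_bytes, rlim_t open_files,
                        rlim_t core_bytes)
{
    if (set_soft_limit(RLIMIT_AS, address_space_bytes) != 0)  /* total VM */
        return -1;
    if (set_soft_limit(RLIMIT_NOFILE, open_files) != 0)       /* descriptors */
        return -1;
    if (set_soft_limit(RLIMIT_CORE, core_bytes) != 0)         /* 0: no dumps */
        return -1;
    return 0;
}

/* Read back what is actually in force, so a startup log line can report the
 * effective value rather than the requested one. */
rlim_t effective_soft_limit(int resource)
{
    struct rlimit rl;
    if (getrlimit(resource, &rl) != 0)
        return 0;
    return rl.rlim_cur;
}

/* Probe: how many additional descriptors can be opened (at most
 * max_attempts, capped at 256) before open() fails with EMFILE.
 * Every descriptor is closed again before returning. */
int count_openable_fds(int max_attempts)
{
    int fds[256];
    int n = 0;
    if (max_attempts > 256)
        max_attempts = 256;
    while (n < max_attempts) {
        int fd = open("/dev/null", O_RDONLY);
        if (fd < 0)
            break;
        fds[n++] = fd;
    }
    for (int i = 0; i < n; i++)
        close(fds[i]);
    return n;
}

/* Probe: does one allocation of `bytes` succeed? Returns 1 if yes, 0 if not. */
int can_allocate(size_t bytes)
{
    void *p = malloc(bytes);
    if (p == NULL)
        return 0;
    free(p);
    return 1;
}

int main(void)
{
    /* Assumed ceilings for illustration only. */
    if (apply_daemon_limits((rlim_t)512 * 1024 * 1024, 32, 0) != 0) {
        perror("setrlimit");
        return 1;
    }
    printf("RLIMIT_AS     = %llu bytes\n",
           (unsigned long long)effective_soft_limit(RLIMIT_AS));
    printf("RLIMIT_NOFILE = %llu\n",
           (unsigned long long)effective_soft_limit(RLIMIT_NOFILE));
    printf("RLIMIT_CORE   = %llu\n",
           (unsigned long long)effective_soft_limit(RLIMIT_CORE));
    printf("extra descriptors openable: %d\n", count_openable_fds(100));
    printf("2 GiB allocation: %s\n",
           can_allocate((size_t)2048 * 1024 * 1024) ? "succeeded" : "refused");
    return 0;
}
```

The wrapper alternative from the message is the same call made from outside: a start script running `ulimit -v` and `ulimit -n` before exec'ing the daemon. One design choice worth noting: the code above lowers only the soft limit, which the process (or anything that has taken it over) can raise again up to the hard limit; a daemon that wants an irreversible ceiling sets `rl.rlim_max` as well, after which an unprivileged process cannot go back up.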

