OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Is postfix vulnerable to the Linux setcap bug?
From: Matthias Andree (madt.e-technik.uni-dortmund.de)
Date: Fri Jun 09 2000 - 04:47:04 CDT

Brad Knowles <blkskynet.be> writes:

> Sendmail has to protect itself and refuse to run in situations
> where it cannot operate securely, otherwise (as has always happened in
> the past) it will get blamed for bugs that occur elsewhere. It doesn't
> matter that other programs like ProFTPD and Apache would be vulnerable
> to the same bug -- it would still be perceived as a "sendmail bug".

Why is that? Because Sendmail has a bad reputation in security matters,
so people usually blame it on Sendmail first. Still, blaiming Sendmail
for this particular problem boils down to blaming an entire design, it's
not really Sendmail's fault, and I guess there are dozens of other holes
that updating Sendmail to 8.10.2 cannot fix, but fixing Linux can.

> > What's the point in mentioning this here anyways?
>
> It's a philosophy issue. Fortunately, Wietse has solved this
> problem already by avoiding the setuid root mode of operation.

He never solved it, but he did not ever have it, by careful design. That
is a difference.

To mention this in clear text: there have been a lot of problems with
other systems in the environment Postfix runs in, but delightfully,
Postfix has not been vulnerable in these cases, except for problems that
no system can avoid. 

-- 
Matthias Andree

                Where do you think you're going today?