From: Aleksey Novodvorsky <aen@logic.ru>
To: Mandrake-russian@linuxteam.iplabs.ru
Subject: [mdk-re] [Fwd: [expert] Re: Structural security problems in Redhat 7]
Date: Tue Jan 23 23:49:00 2001
Message-ID: <3A6E2CDE.5FFBE87@logic.ru>

Hi!

This may be of interest to system administrators. Bernhard Rosenkraenzer (Bero) currently works at RH; about a year and a half ago he was at MandrakeSoft.

Rgrds, AEN

-------- Original Message --------
Subject: [expert] Re: Structural security problems in Redhat 7
Date: Tue, 23 Jan 2001 21:13:08 +0100 (CET)
From: Bernhard Rosenkraenzer <bero@redhat.de>
Reply-To: expert@linux-mandrake.com
To: Jean Francois Martinez <jfm2@club-internet.fr>
CC: <redhat-devel-list@redhat.com>, <expert@linux-mandrake.com>

On 23 Jan 2001, Jean Francois Martinez wrote:

> Isn't RedHat playing with fire and making us play with fire by using
> software who is either a regular provider of security problems ie
> wu-ftpd (what is wrong with proftpd?)

proftpd is at least as much of a security problem as wu-ftpd. Take a look at some older bugtraq postings and you'll find proftpd used to be the exploit-of-the-week daemon for quite some time. It hasn't had many issues recently (neither did wu-ftpd), but I personally still wouldn't trust it.

Another point is that we have several people we can shout at if something goes wrong in wu, and therefore, we can fix problems faster if they turn up. There probably aren't any security problems left though, several people have proofread the code and haven't found anything. Also, it doesn't have all the features many people are used to have.

> or software who is _structurally_ unsecure like sendmail?

I personally don't understand it either, I've been pushing to replace it with postfix for quite a while. The main arguments I've heard against this are "we can't enforce changing smtp daemons on everyone", "some people need sendmail's special features" (/etc/sendmail.cf may be the most complicated file on a system, therefore it's also the most powerful ;) ), "sendmail is standard and used virtually everywhere" and "sendmail has been in use forever (therefore had much more testing)". The last argument actually makes some sense - there haven't been any critical security problems with sendmail lately.

> I also don't understand why RedHat doesn't use its own excellent lokkit in the
> installation.

This or something similar might happen in a future version.

LLaP
bero