* [mdk-re] [Fwd: [expert] Re: Structural security problems in Redhat 7]
@ 2001-01-23 23:49 Aleksey Novodvorsky
0 siblings, 0 replies; only message in thread
From: Aleksey Novodvorsky @ 2001-01-23 23:49 UTC (permalink / raw)
To: Mandrake-russian
Hi!
Может быть, это будет интересно системным администраторам. Bernhard
Rosenkraenzer (Bero) сейчас работает в RH, года полтора назад -- в
MandrakeSoft.
Rgrds, AEN
-------- Original Message --------
Subject: [expert] Re: Structural security problems in Redhat 7
Date: Tue, 23 Jan 2001 21:13:08 +0100 (CET)
From: Bernhard Rosenkraenzer <bero@redhat.de>
Reply-To: expert@linux-mandrake.com
To: Jean Francois Martinez <jfm2@club-internet.fr>
CC: <redhat-devel-list@redhat.com>, <expert@linux-mandrake.com>
On 23 Jan 2001, Jean Francois Martinez wrote:
> Isn't RedHat playing with fire and making us play with fire by using
> software who is either a regular provider of security problems ie
> wu-ftpd (what is wrong with proftpd?)
proftpd is at least as much of a security problem as wu-ftpd.
Take a look at some older bugtraq postings and you'll find proftpd used
to
be the exploit-of-the-week daemon for quite some time.
It hasn't had many issues recently (neither did wu-ftpd), but I
personally
still wouldn't trust it.
Another point is that we have several people we can shout at if
something
goes wrong in wu, and therefore, we can fix problems faster if they turn
up. There probably aren't any security problems left though, several
people have proofread the code and haven't found anything.
Also, it doesn't have all the features many people are used to have.
> or software who is _structurally_ unsecure like sendmail?
I personally don't understand it either, I've been pushing to replace it
with postfix for quite a while.
The main arguments I've heard against this is "we can't enforce changing
smtp daemons on everyone", "some people need sendmail's special
features"
(/etc/sendmail.cf may be the most complicated file on a system,
therefore
it's also the most powerful ;) ), "sendmail is standard and used
virtually
everywhere" and "sendmail has been in use forever (therefore had much
more
testing)".
The last argument actually makes some sense - there haven't been any
critical security problems with sendmail lately.
> I also don't understand why RedHat doesn't use its own excellent lokkit in the
> installation.
This or something similar might happen in a future version.
LLaP
bero
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2001-01-23 23:49 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2001-01-23 23:49 [mdk-re] [Fwd: [expert] Re: Structural security problems in Redhat 7] Aleksey Novodvorsky
ALT Linux Community general discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/community/0 community/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 community community/ http://lore.altlinux.org/community \
mandrake-russian@linuxteam.iplabs.ru community@lists.altlinux.org community@lists.altlinux.ru community@lists.altlinux.com
public-inbox-index community
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.community
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git