Matthew S. Hallacy writes:
> You realize that most of these are not security related, and only a
> few are remote root exploits. Considering it's from 1993 and forward..

Perhaps I counted incorrectly?  A hole means an attacker can gain access to
a non-root account or group.  A root hole means an attacker can gain access
to root:

Local holes: 5
Local root holes: 3
Remote holes: 2
Remote root holes: 2

> So, the previous exploits for qmail were all fixed, and now it's 100%
> guaranteed secured. Mmmkay.

That's a blatant lie.  qmail has never had any security holes.  Of course,
if you weren't just making things up, you'd know that.

> I'm sorry, I think you're confused. sendmail certainly doesn't run
> everything as root, and it's not a single monolithic daemon doing
> everything.

I guess they fixed that in recent versions.  I retract my previous
statement.

It wasn't like that when Dan wrote qmail.  Though, apparently, the
"redesign" hasn't stopped root security holes.

> your only real point is that sendmail has had more *bugs* than qmail.

Yes, that is my point.  Sendmail has more bugs and is not secure.  We should
not encourage people to run insecure software.

> I would expect this for a daemon that has been around for a hell
> of a lot longer than qmail, and is used by a lot more people.

That statement is not logical.  I would expect an older program to have
fewer bugs, not more.  The number of users does not affect the number of
bugs.  It may affect the number of users finding bugs, but that is not
relevant to the number of bugs in the program.

--
David Phillips <david at acz.org>
http://david.acz.org/

