Baddest of weeks, bestest of weeks
Posted Sep 19, 2003 0:05 UTC (Fri) by maney (subscriber, #12630)
Parent article: A bad week
Sendmail remains a disaster waiting to happen, with a MTBD that probably doesn't approach one year. I can't imagine why anyone would expect it to be otherwise. Despite all the efforts of those who have helped patch it up over the years, sendmail retains the disaster-prone free root with every successful 'sploit monolithic design of an earlier, far more innocent age. In a world where more secure designs are readily available, sendmail's continued widespread use is mind-boggling. Distributions that ship with it as the default MTA need to be shaken to their senses. Or is it that having a universally used service which requires fairly regular patches right now! feels to them like a form of job security?
"This program [sendmail] is included free in most UNIX software distributions, but you get less than you pay for."
-- Cheswick, Bellovin & Rubin
Unfortunately, I have to disagree about this having been a really bad week. I fear that we'll see far worse when someone gets around to employing these vulnerabilities - not against my machines, thanks to the Debian crew, both the security boffins who get the patched packages out so promptly as well as all those who have made it both quick and easy to acquire and install updates all the many years I've been using Debian. But the awful reality is that many machines just don't get patched in a timely manner, and I can see little reason to expect that pattern to change this time.