Mailinglist Archive: opensuse-security (606 mails)

< Previous Next >
Re: [suse-security] FTP daemons
  • From: "Pascal J. Bourguignon" <pjb@xxxxxxxxxxx>
  • Date: Thu, 5 Apr 2001 06:19:30 +0200 (CEST)
  • Message-id: <20010405041930.17C523B005@xxxxxxxxxxxxxxxxxxx>

Ralf Koch <info@xxxxxxxxxx> wrote:
> I know we had the discossion some times ago. Do you know anything about actual
> (!) security flaws of sendmail? And if not - why should postfix be more secure?
> (See discussion of "secure" FTP daemons)

Well, I'm not up to date with the latest releases of sendmail (when I
left it for postfix, two years ago, a buffer-overflow bug had been
discovered in its then current version), but while the probability to
encounter a buffer-overflow bug in general C software such as sendmail
is quite high (2/3 ?), postfix has been programmed from the start with
special considerations to all these kind of security-related problems,
and while I've only browsed lightly the code of postfix, it's
programmed in a way that make the probability of one of these
dreadfull buffer overflow bug very low. The fact that it's very
modula, with several subprocesses, neither of them running as root
(postfix would refuse to run as root), implies that if ever there
should be a problem, it would be confined to a small part of postfix.
Each processes (and even some internal functions) do constantly
validate the data it gets from the other parts of postfix or from the
exterior world.

--
__Pascal_Bourguignon__ (o_ Software patents are endangering
() ASCII ribbon against html email //\ the computer industry all around
/\ and Microsoft attachments. V_/ the world http://lpf.ai.mit.edu/
1962:DO20I=1.100 2001:my($f)=`fortune`; http://petition.eurolinux.org/

< Previous Next >