Eero Volotinen wrote:
>> An IP stack which is part of the kernel *is* (more or less) directly 
>> exposed to the internet as long as there's the appropriate cable 
>> connected to that machine.
> 
> Yes, I hope that IP-stack is not so buggy. Anyway, I think that it is 
> easier to exploit systems via normal tcp connection than the kernel ip stack.
> 
> Anyway, I think that unprotected sshd is a bigger risk than postfix or 
> sendmail. Personally I cannot trust sendmail, so I am running postfix on 
> most mailservers.

What basis do you have for not trusting sendmail?  This may be biased, 
but it's probably the most accurate assessment of the code we are 
running that we are likely to get:
Old history here:
http://magazine.redhat.com/2009/03/10/risk-report-four-years-of-red-hat-enterprise-linux-4/
Note 1 bug in sendmail, fixed before publicly announced (and long 
ago).  This is out of 130 critical bugs in the distribution.  Note also 
that sendmail does not appear in the 'riskiest packages' list, but the 
kernel is right up there at number 4, php at #9.

The more current list is at:
http://www.redhat.com/security/data/metrics/summary-rhel5-all.html
Don't see anything about sendmail in that list of 616 issues. I do see a 
security related bugfix for postfix here:
http://rhn.redhat.com/errata/rhel-server-errata.html
Maybe you are worrying about the wrong thing.

-- 
   Les Mikesell
    lesmikes...@gmail.com
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos