[ speaking for myself here, not my employer and so on ... ]

On Fri, 9 Jun 2000, JF Martinez wrote:

> > I disagree about no "MTA worth his salt," and sendmail certainly DOES 
> > deliver mail to root.
> > 
> > You can always create an alias yourself.
> > 
> 
> I know it but there will be people who don't know about it, forget
> it or perhaps one day a person at RedHat makes a mistake and my alias
> file is overwritten with a vanilla one where root is not aliased.

Ignorance is no excuse. The aliases file is tagged as %config(noreplace) 
and you will at least be warned what has happened if you upgrade to a
package where this is not the case.

> Everything you do as root that is not strictly needed for
> administration is a potential security risk be it using the Gimp,
> using gcc, or reading mail.  Since we cannot exclude the eventuality of
> a defective MUA or one with a trojan then an MTA should not accept to
> deliver to root.

Since we cannot exclude the eventuality of a braindead person sitting at
the console, we should disable root-logins anyway.

> No alias, no delivery.  Point.  Guns have safeties so you don't shoot
> yourself in the foot, software should have safeties too.

But guns don't have safety measures to circumvent e.g. flawed "users" (ok,
bad example -- but you can pretty well shoot yourself in the foot, no gun
will protect you if you had such a desire). It is the wrong approach to
try to circumvent bugs of a certain MUA in the MTA.

> BTW sendmail was designed in a time when the few who used
> the Internet were adult, equilibrated people so it was certainly not
> built for being secure.  Today there are many people in the Internet
> and some of them are not adult, are half crazy or are dishonest.  And
> we cannot afford allowing inherently insecure features like allowing
> mail delivery to root.

It is not inherently insecure to have mail delivered to root, because
first of all, it is just text. If I as root _decide_ to interpret it as a
script (by using a stupid MUA), then that's _my_ fault, not sendmail's.
Some people might want to read mail addressed to root as the root user and
with a sensible MUA, that's _no_ problem. I wouldn't want to stand in
their way.

Nils
-- 
         Nils Philippsen / +49.711.96437.250 / [EMAIL PROTECTED]
       Red Hat GmbH / Hauptstätter Straße 58 / D70178 Stuttgart
The use of COBOL cripples the mind; its teaching should, therefore, be
regarded as a criminal offence.                  -- Edsger W. Dijkstra
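
Added example, not part of the original message or of sendmail: a small audit that reads a sendmail-style aliases file and reports whether mail for root still ends up in root's own mailbox, which is the situation the thread argues about (for instance after the file is replaced with a vanilla one). The function names and the sample files are constructed for illustration, and the parser assumes plain `name: target, target` entries without quoted names.

```python
def parse_aliases(text):
    """Return {name: [targets]}; handles comments and continuation lines."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and logical:       # continuation of previous entry
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    aliases = {}
    for line in logical:
        name, sep, rhs = line.partition(":")
        if sep:
            aliases[name.strip().lower()] = [t.strip() for t in rhs.split(",") if t.strip()]
    return aliases

def resolve(aliases, name, path=frozenset()):
    """Expand an alias to its final recipients; a loop stops at the repeated name."""
    key = name.lower()
    if key in path or key not in aliases:
        return {name}
    out = set()
    for target in aliases[key]:
        out |= resolve(aliases, target, path | {key})
    return out

def audit_root(text):
    """Return (status, final_recipients) for mail addressed to root."""
    aliases = parse_aliases(text)
    if "root" not in aliases:
        return "UNALIASED", {"root"}          # delivered straight to root
    final = resolve(aliases, "root")
    if any(r.lower() == "root" for r in final):
        return "STILL_ROOT", final            # alias exists but loops back to root
    return "OK", final

# Constructed sample: a "vanilla" file where root is not aliased.
SAMPLE_VANILLA = "# system aliases\npostmaster: root\nmailer-daemon: postmaster\n"
# Constructed sample: root forwarded to an unprivileged user and a remote address.
SAMPLE_ALIASED = "postmaster: root\nroot: admin,\n\tops@example.com\nadmin: nils\n"

if __name__ == "__main__":
    for label, sample in (("vanilla", SAMPLE_VANILLA), ("aliased", SAMPLE_ALIASED)):
        print(label, audit_root(sample))
```

Run against the real aliases file after every package upgrade, a result other than `OK` shows that the root alias was lost or points back at root.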

