"JLT" == Jason L Tibbitts, <Jason> writes:
>>>>>> "VGI" == Vladimir G Ivanovic <[EMAIL PROTECTED]> writes:
VGI> What exactly are you suggesting? That we all turn off sendmail because
VGI> of some as yet unknown vunerablity?
JLT> I do not believe that you could infer that from my message,
You're free to believe whatever you wish, but yes, that is what I
inferred from your message (reproduced below). Apparently that wasn't
your intent, but it was what I received.
[...]
JLT> Of course I receive the security alerts, as I am perfectly capable of
JLT> enabling mail serving functionality on machines which need it. You don't
JLT> seem to have made a point, though.
I did, but you missed it. My point was that Red Hat has a well
established process for fixing security issues in the field.
--- Vladimir
Vladimir G. Ivanovic http://www.leonora.org/~vladimir
2770 Cowper St. [EMAIL PROTECTED]
Palo Alto, CA 94306-2447 +1 650 678 8014
-------
To: [EMAIL PROTECTED]
Subject: Re: Sendmail Weirdness, Or Welcome to WinHat 7.1
From: Jason L Tibbitts III <[EMAIL PROTECTED]>
Date: 17 Jul 2001 13:39:35 -0500
>>>>> "VGI" == Vladimir G Ivanovic <[EMAIL PROTECTED]> writes:
VGI> "Connect to my machine"? How? You can telnet to port 25, but all you
VGI> can do is talk ESMTP. Is that a security risk?
It may be, if a vulnerability is discovered tomorrow. If that happens,
then what does Red Hat do? Get every single person who has installed Red
Hat Linux to upgrade to the fixed package? Or sleep well knowing that the
default installation is at least protected from nonlocal attacks? Sure,
sites who turned it back on will have to either shut it off, upgrade to a
fixed package, or be insecure, but at least the problem has been
significantly diminished.
Won't happen? It's happened before. (Not just with Sendmail.)
- J<
_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
