> There are few things in life that you can say are absolute, but you
> ABSOLUTELY should NOT be running sendmail on your Firewall. It's too
> buggy, and the firewall is too big a chunk of your network security suite
> to lose to a sendmail hole.

Minor nit: It's definitely a bad idea to run sendmail on a firewall
that's running vanilla UNIX. There are tricks you can play in the
kernel which render sendmail absolutely harmless for just about
any case I can think of. Of course, the kernel tweaks turn the
box into something less than a general purpose UNIX. This is
a nifty trick which also goes a ways towards securing CGI scripts
in web servers too -- namely by disabling them. :)

Basically, what you do is hack the kernel so that no process can do
an exec() unless it's privileged (uid==0). Then you make sendmail and
all your firewall proxies run as non-privileged users. Have attempts
to exec() w/o privilege send a signal that generates a core file and
you'll have instant traces of all stack overrun attempts. Also, you
may want to jigger the setuid() code so that attempts to regain
privilege from an unprivileged process generate a core dump. I
haven't yet implemented a patch to prevent executing pages that
aren't in text space but that's the obvious next step.
mjr.
-----
Marcus J. Ranum, Chief Scientist, V-ONE Corporation
Work: http://www.v-one.com
Personal: http://www.clark.net/pub/mjr
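
The exec-denial idea in the message above, as an added example that is not part of the original post and is not the kernel patch it describes. It swaps in Linux seccomp-BPF, which is applied per process rather than by uid, and kills the process with SIGSYS (default action: core dump) on execve/execveat. The names `deny_exec` and `exec_attempt_signal` are hypothetical.

```c
#include <signal.h>
#include <stddef.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#ifdef __x86_64__
#define NATIVE_ARCH AUDIT_ARCH_X86_64
#else
#define NATIVE_ARCH AUDIT_ARCH_AARCH64 /* assumption: x86-64 or arm64 build */
#endif

/* Hypothetical helper: deny execve/execveat for the caller and its children. */
static int deny_exec(void)
{
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NATIVE_ARCH, 0, 5), /* foreign ABI */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, 0x40000000, 3, 0),  /* x32 numbers */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_execve, 2, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_execveat, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS), /* dies by SIGSYS */
    };
    struct sock_fprog prog = { .len = sizeof f / sizeof f[0], .filter = f };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1; /* needed w/o root */
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Fork a worker that gives up exec and then attempts one anyway.
 * Returns the signal that killed it, 0 if it exited normally, -1 on error. */
int exec_attempt_signal(void)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (deny_exec() != 0) _exit(2);
        execl("/bin/sh", "sh", "-c", "exit 0", (char *)NULL);
        _exit(3); /* only reached if the exec failed for another reason */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void) { return exec_attempt_signal() == SIGSYS ? 0 : 1; }
```

Whether a core file is actually written depends on the core size limit and the system's core_pattern setting.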