> ..Sendmail is the only useful mail package out there. I'd be happy
> to adopt anything which offers me Sendmail functionality in a more secure

The best way to run Sendmail is to encapsulate it to stop the
inevitable attacks. No version of Sendmail is "secure" against
anything except *maybe* against previously patched vulnerabilities.
The "smap" wrapper is one encapsulation approach. But if smap suffers
from a failure (note recent reports of potential syslog based
vulnerabilities) then you're right back to where you started.
The more effective approach is to use some form of nonbypassable
access control. This isolates the software components all the way to
the bare metal. Attacks are limited to the encapsulated portion of the
host and can be blocked from spilling over into your protected
network. This requires a good, B level TCB or a Sidewinder with Type
The point is, you *can't* guarantee that a large, capable, general
purpose package is bug free, whether the bugs are security oriented or
anything else. So you need something to backstop it, like Type
Enforcement or maybe MLS protections.
com secure computing corporation