> Have you honestly looked at smail?

It doesn't really matter fundamentally whether the mail package is
sendmail with its known, documented, and occasionally patched legion
of bugs or some different hunk of software for the same purpose. In
all cases, bugs will occasionally appear. The purpose of nonbypassable
access control mechanisms like Type Enforcement is to prevent the
inevitable bugs from allowing instant and complete compromise of the
system.

Even if today's version of "smail" is proven secure (unlikely) then
where are we going to find the time/money/effort/expertise to prove
that next year's patched version is also secure? And what about the
incremental changes after that? At some point even the best designed
and engineered software component will look like sendmail, especially
packages in the public domain. It costs lots of money and effort to
maintain design integrity across multiple releases, and that's a huge
source of bugs right there.

Rick.
smith@sctc.com    secure computing corporation