Sendmail and secure design
Jason Miller, 2006-05-01

Sendmail's wide market share, ancient code base and long vulnerability history make it an interesting example of the need for software to start from a secure design.

An Example 2006-05-02
Anonymous
Sendmail and root??? 2006-05-02
Anonymous
"Sendmail might be a relatively old application, but it wasn't designed with the ultimate goal of security in mind. Sendmail's liberal use of root access exacerbates these problems."

It has been at least 5 years since sendmail has used root routinely. The MTA can run as anyone or no-one. It only needs to read/write the mail queue, and read access to the alias and other configuration files.

Delivery is not handled by sendmail - that is up to a delivery agent, which is external.

Link to this comment: http://www.securityfocus.com/comments/columns/400/33569#33569
Sendmail and secure design 2006-05-02
Robert Banz (rob@nofocus.org)
Sendmail and secure design 2006-05-02
J. Lasser
Sendmail 2006-05-03
Alexey Vesnin
Sendmail and secure design 2006-05-03
Matthew Murphy
Sendmail and root??? 2 2006-05-09
Anonymous
Copyright 2009, SecurityFocus