Re: [LI] root access from old sendmail boxes

[Rohit <rohits@xxxxxxxxxxxxxx>]

> > Honestly, I would not have believed Mr. Suresh if he said "Sendmail 8.8.4
> > has a bug that crackers can exploit to gain r00t.", without giving the
> > details.
> Raj Mathur posts lots of security bulletins here. Have a loook at them -
> do they mention details? They do not, but the second he posts one here, we
> scramble to update all our client installations, because we trust Raju and
> his sources.

Reputation takes time to build. And though it is quite well heard that
there are people who would try and see how it works, may be for some
illegitimate purposes,
I still believe it better that people inculcate the habit of knowing as
well
as constantly upgrading there systems. And those who want, should have
the knowledge as to why they are doing it.

There actually IS a tradeoff between the satisfaction of curiousities
and closed-pack information's reliability. I will expect that the
publishing of detailed literature, the kind that started that thread,
not be banned but, preferably, the patches [if there are] be also
supplied alongwith the info.

And as for the security holes' being exploited, a person outside the
attitude of this list is more likely to exploit those. And there is
LITTLE one can do about it. If someone is ready to kill himself for
spamming others, the list will never be able to prevent him from
obtaining the exploit. What we can do is in time upgrade out skins.
--------------------------------------------------------------------
The Linux India Mailing List Archives are now available.  Please search
the archive at http://lists.linux-india.org/ before posting your question
to avoid repetition and save bandwidth.