Mail

Robert Huff roberthuff at rcn.com
Wed Jun 16 11:58:22 PDT 2004


Chuck Swiger writes:

>  There have been around 70 security issues mentioned since the
>  beginning of sendmail-8 circa 1993, or about six per year.
>  Recently, things have gotten better, but a dispassionate
>  evaluation of the security history of sendmail does not inspire
>  any great confidence that one can set up sendmail, leave it
>  unpatched, and expect the software to still be free of known
>  remotely-exploitable security problems two years later.

	Would you care to nominate an inherently network-accessible
program with such a track record?  For example: 5.2.1 was released
in late February; there are currently 12 security advisories*, of
which I would consider at least 5 to be part of the core system.
(As opposed to things in the base system, like BIND.)


			Robert Huff


* - see "http://www.freebsd.org/releases/5.2.1R/relnotes-i386.html#SECURITY"



More information about the freebsd-questions mailing list