Re: Smashing the Stack: prevention?

Russell Coker (bofh@SNOOPY.VIRTUAL.NET.AU)
Mon, 28 Apr 1997 19:04:52 +1100

>> 1. 'you gotta change the code'

>These are just plugs in the bursting dike. The problem is not that
>privileged code is insecure. The problem is that there is too much
>privileged code.

I agree. For example I'd like to know why almost everyone runs sendmail
as root. It seems that Sendmail has more security holes than most other
server software for the UNIX platform combined, yet it gets run with the
highest privilege level! I've got Sendmail running on my servers without
any root access. Here's a web page explaining what I did:

http://www.virtual.net.au/~rjc/sendmail.html

If you have any suggestions to improve my Sendmail setup then please let
me know.

Russell Coker