tobold.org

correct • elegant • free

△ comp.mail.* △

◅ SMTP specification

qmail ▻

The SENDMAIL REMOTE ROOT exploit...

In article <5c66cp$b8h@hole.sdsu.edu>,
Jason Matthews <matthews@rohan.sdsu.edu> wrote:
>[qmail] is probably by far more resource intsensive then sendmail.

This counts as ludicrous unsubstantiated guess of the week.

>                                                                   I do
>not see the point in breaking one large program up into several little
>programs.

No?  Try reading the SECURITY document in the qmail distribution for
one reason to do this.

Try reading anything on the Unix tools approach for another.

>          It just means more fork() and exec() calls. exec() can be
>rather expensive.

Any Unix system worthy of the name can fork() and exec() small programs
extremely quickly.  All the components of qmail pass the "PDP test"
(text < 64k, data < 64k).  Easily.

Here's sendmail, stripped...

    ----------  3 root     bin  245760 Jul 17  1996 sendmail

And here are all the parts of qmail that are used to transfer an
inbound SMTP message to a local user.

    -rwxr-xr-x  1 root    qmail  32768 Jan 21 14:38 qmail-alias
    -rwxr-xr-x  1 root    qmail  16384 Jan 21 14:38 qmail-clean
    -rwxr-xr-x  1 root    qmail  20480 Jan 21 14:38 qmail-lspawn
    -rwsr-xr-x  1 qmailq  qmail  20480 Jan 21 14:38 qmail-queue
    -rwxr-xr-x  1 root    qmail  45056 Jan 21 14:38 qmail-send
    -rwxr-xr-x  1 root    qmail  28672 Jan 21 14:38 qmail-smtpd
    -rwxrwxr-x  1 root    bin    24576 Oct 10 16:08 tcpserver

The *total* size of these 7 qmail binaries is less than the sendmail
monster.

Tim.
--
Tim Goodwin   | "A language needs both intestines and guts." -- Larry Wall

Original headers:

From: tim@pipex.net (Tim Goodwin)
Newsgroups: comp.security.unix
Subject: Re: The SENDMAIL REMOTE ROOT exploit...
Date: 23 Jan 1997 15:57:28 GMT
Organization: UUNET PIPEX
Message-ID: <5c81p8$bp9@join.news.pipex.net>
References: <Pine.LNX.3.95.970122063552.21015A-100000@ferret.lmh.ox.ac.uk>
  <5c5pt9$acr@hole.sdsu.edu> <5c66cp$b8h@hole.sdsu.edu>

△ comp.mail.* △

◅ SMTP specification

qmail ▻