Internet Virus: SunOS patches

Guy Harris guy at auspex.UUCP
Fri Nov 11 05:38:02 AEST 1988


>Its probably in the past enough to wonder what the h&%$ SUN and other vendors
>like Mt. XINU were *thinking of* when they went into the Makefiles and enabled
>the known security risk of sendmail debug mode.

They *didn't* "(go) into the Makefiles and enable ... sendmail debug
mode," so your implied question is meaningless.  The 4.3BSD "sendmail"
comes, *as distributed on the 4.3 tape*, with DEBUG defined as "1" in
"conf.h" (not the Makefile, that's not where you turn DEBUG on).

You can argue, probably justifiably, that they should either have turned
DEBUG off when building it, or at least made debug mode not have the
side-effect of allowing addresses other than user names in RCPT lines,
but you can also argue that Berkeley should have done that as well.... 



More information about the Comp.unix.wizards mailing list