Internet Virus: Really, the vendors *are* paying attention.
Carl S. Gutekunst
csg at pyramid.pyramid.com
Sun Nov 20 17:02:47 AEST 1988
>>It's probably in the past enough to wonder what the h&%$ SUN and other vendors
>>like Mt. XINU were *thinking of* when they went into the Makefiles and enabled
>>the known security risk of sendmail debug mode.
>They *didn't* "[go] into the Makefiles and enable ... sendmail debug mode"....
>The 4.3BSD sendmail comes ... with DEBUG defined as "1" in "conf.h"....
But besides all that, sendmail DEBUG mode is extremely useful to the mail
administrator. It is a *big* help when mail is going awry. The problem is not
"DEBUG mode is a security hole," rather "DEBUG mode had security holes in it."
Since I maintain Pyramid's sendmail (honest, MX records will be in the *next*
OSx release :-)), security holes in sendmail are a personal embarrassment to
me. I looked at DEBUG mode years ago, decided it was more useful than
hazardous, and left it in. I completely missed the fact that it allowed any user to
mail to a pipe (*blush*). Even had I noticed it, I cannot honestly say I would
have immediately recognized the security hole it created. (Hindsight is 20/20,
and all that.)
Now that this hole has been so obviously exposed, all the UNIX vendors I have
talked with are doing essentially the same thing: out on a rampage, looking
for all kinds of other ways to blow up sendmail, then sharing the results and
fixes on Spaf's worm mailing list. (Paul Vixie at DEC and Barry Shien at
Encore have been terrific.) We found several more serious bugs, as well as at
least three ways to propagate the worm over UUCP (not even counting Peter
Honeyman's stuff). The sharing of information has been very positive, and I am
highly confident that every one of the participating vendors (including Sun,
OK?) will have all these fixes incorporated as soon as they possibly can.
To accuse the vendors of negligence for leaving such "blatant" security holes
around is pretty weak. The Internet protocols, like any network, have a lot of
security holes. Vendors feel obligated to close these as much as they can, but
there are only so many that can be closed per unit time. The more obscure the
bug, the more likely it is to wait while more hazardous holes are fixed. The
sendmail DEBUG holes are no longer obscure, and so now are being fixed, ahead
of other holes.
Incidentally, I'd like to reinforce Barry's observations about how UNIX did
much more to cure the worm than to propagate it. Here we have engineers from
AT&T, DEC, Encore, Pyramid, and Sun -- most of which are direct competitors --
sharing notes on how to solve the problem. What other environment besides UNIX
fosters such cooperation?
<csg>