From qmail-return-6-tmaeno-qmailj=hpcl.titech.ac.jp@hpcl.titech.ac.jp Sat May 03 03:46:00 1997
Return-Path: <qmail-return-6-tmaeno-qmailj=hpcl.titech.ac.jp@hpcl.titech.ac.jp>
Delivered-To: tmaeno-qmailj@hpcl.titech.ac.jp
Received: (qmail 21766 invoked by alias); 3 May 1997 03:45:59 -0000
Mailing-List: contact qmail-help@hpcl.titech.ac.jp; run by ezmlm
Delivered-To: mailing list qmail@hpcl.titech.ac.jp
Received: (qmail 21759 invoked by uid 1000); 3 May 1997 03:45:58 -0000
Message-ID: <19970503034558.21758.qmail@hpcl.titech.ac.jp>
Subject: qmail security challenge
To: qmail@hpcl.titech.ac.jp
Date: Sat, 3 May 1997 12:45:58 +0900 (JST)
From: "Toshinori Maeno" <tmaeno@hpcl.titech.ac.jp>
X-Mailer: ELM [version 2.4 PL25]
Content-Type: text
Status: OR

I came across this on the newsgroups.
  the qmail Security Challenge is currently under way with a
  prize of $375 for the first security bug found in qmail.
So it says.

Toshinori Maeno

-------------------------------------------------
>From comp.security.unix Fri May  2 20:52:34 1997
Path: o.cc.titech!titech.ac.jp!wnoc-tyo-news!spinnews!tokio!news.dti.ad.jp!news-jp-0.abone.net!np1.iij.ad.jp!nf0.iij.ad.jp!nr0.iij.ad.jp!news.iij.ad.jp!uunet!in3.uu.net!194.162.162.196!newsfeed.nacamar.de!news.he.net!stc06.ctd.ornl.gov!not-for-mail
From: Dave Sill <dsill@sws5.ctd.ornl.gov>
Newsgroups: comp.security.unix
Subject: Re: sendmail exploits.
Date: 01 May 1997 14:25:56 -0400
Organization: Workstation Support, Oak Ridge National Lab, Oak Ridge, TN, USA
Lines: 28
Sender: de5@sws5.CTD.ORNL.Gov
Message-ID: <wx04tcnrqvf.fsf@sws5.CTD.ORNL.Gov>
References: <861926032.3379@dejanews.com> <5k20nt$2op@lyra.csx.cam.ac.uk> <slrn5m92f7.s96.tqbf@char-star.rdist.org> <5k23nn$m2q@unix1.cc.ysu.edu> <5k331c$8s8$1@news.ece.nwu.edu> <slrn5mbptl.lhc.tqbf@char-star.rdist.org> <slrn5mclmk.e0.john@elixir.interlog.com>
NNTP-Posting-Host: sws5.ctd.ornl.gov
X-Newsreader: Gnus v5.4.37/XEmacs 19.15
Xref: o.cc.titech comp.security.unix:15317

john@interlog.com (John R MacMillan) writes:

>Thomas H. Ptacek wrote:
> |Would anyone on this newsgroup like to put money on which of qmail, Exim,
> |Sendmail, or SMail will have the next publicly announced
> |remotely-exploitable security hole? =)

It's funny you should ask. The official announcement hasn't gone out
yet, but the qmail Security Challenge is currently under way with a
prize of $375 for the first security bug found in qmail. See
<URL:http://web.infoave.net/~dsill/qmail.html> for details.
 
> I'm certainly no fan of sendmail, and yes I see the smiley, but I'd be
> willing to bet even if all programs were approximately equally secure,
> it would be the MTA that is used at the greatest number of sites, i.e.
> that it would still be sendmail, so I don't think this really says
> anything about their relative security.

One of the reasons there have been so many bugs found in sendmail is
that so many sites are using it, but the *main* reason is that there
were/are a lot of bugs to be found. I'm willing to bet, and in fact I
*am* betting, that there are no serious security holes in qmail. I
don't see anybody stepping up to do the same for sendmail.

-- 
Dave Sill <dsill@sws5.ctd.ornl.gov>         <URL:http://web.infoave.net/~dsill>
Lockheed Martin Energy Research   Oak Ridge National Lab    Workstation Support
Secure, reliable, efficient. Pick three. <URL:http://pobox.com/~djb/qmail.html>


