From: Green, Simon (Simon.Green@EU.ALTRIA.COM)
Date: Tue Mar 11 2003 - 05:46:09 EST
> Tim Muller [mailto:aix_sa_706@YAHOO.COM] wrote:
>
> --- "Green, Simon" <Simon.Green@EU.ALTRIA.COM> wrote:
> > How? You won't be able to receive anything from the
> > outside world so the
> > only possible source of risk would be if you have
> > someone logged on to that
> > system, with malicious intent.
>
> So if I understand correctly, if sendmail is running
> in daemonmode, there is no threat from this particular
> security problem? How can I verify that it is in
> daemonmode on my systems? We are not using mail
> except for a few system generated messages to myself
> or the DBA. I have been reading the sendmail FAQ and
> my AIX books but am not finding anything that
> addresses that topic so far. TIA.
It's the opposite: if sendmail is running (lssrc -s sendmail) you're at
risk. If it is not, users may still send email, (subject to the config) but
not receive and your risk is greatly reduced.
Simon Green
Altria ITSC Europe s.a.r.l.
AIX-L Archive at http://marc.theaimsgroup.com/?l=aix-l&r=1&w=2
AIX FAQ at http://www.faqs.org/faqs/aix-faq/
N.B. Unsolicited email from vendors will seldom be appreciated.
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:16:38 EDT