That is not necessary. Just change the default behavior of sendmail
and when the next root exploit is found and everybody is forced to
upgrade within 24 hours, it'll be largely deployed.
This is manifestly false. Old versions of sendmail are rife in the real
world.
Also, if you go back and actually LOOK at the history of sendmail,
there have only been two root exploits fixed going back to 8.9.3 in
February of 1999, four years ago. In that time, there have also been 2
or 3 potential local DOS exploits fixed, a couple of those in cases not
normally used by sendmail installations, and about half a dozen
security fixes that work around broken things in OSes like Linux.
Lots of people dump on sendmail, but its reputation for being a
security dog got beaten out of it a while back. No, that's not as clean
as having it being designed in from the front, but sendmail didn't have
predecessors to learn from, either.
chuq (may the religious war begin....)
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg