On Tue, 2006-09-12 at 10:11 -0500, Gilbert Sebenste wrote: > On Sat, 9 Sep 2006, Les Mikesell wrote: > > >> True on the latter. But that has and will always be the case. That is not > >> the fault of the software, however. In this case, an extra problem is > >> causing a DOS on top of what you describe above. And if your network is a > >> victim of an attack based on that, it can be just as costly as a security > >> flaw allowing a breach of information. > > > > How is it more of a DOS one way than the other? If I understand > > the flaw, you can only crash the sendmail child connected to > > yourself which shouldn't have as much impact on anything else > > as staying connected would. It's not particularly desirable > > but I don't see how killing a child process that will be > > restarted is a big problem. > > Is the child always going to restart? If so, then mea culpa. But still, > I'd rather have it fixed either way. I'd expect it to continue to start new processes based on the way sendmail forks as it accepts connections up to the configured limit. However, given that it's a bug I'm not absolutely sure. -- Les Mikesell lesmikesell@xxxxxxxxx