Firewall Wizards mailing list archives

Re: Q on external router


From: tqbf () secnet com
Date: Sat, 25 Apr 1998 03:25:44 -0500 (CDT)

> We hear about sendmail's lack of reliability but I am not aware of any
> security problems since version 8.8.5, that's 4 releases ago.  If you're
> going to discount software because it had bugs in a previous release then
> you'd have to pass on 99% of the firewall technology available today.

This logic was employed at Sendmail version 8.7.5, which, if you'll
recall, withstood public scrutiny for quite some time (longer, I think,
than the 4 releases we've seen --- you can verify this pretty easily).
Following 8.7.5 was an onslaught of security bugs, including blatantly
obvious issues (like the SIGHUP handler that actually executed argv[0]). 

The odds are that we will find more Sendmail bugs, not because Sendmail is
software written by a human being, but because Sendmail has a poor design
(from a security perspective) which makes the possibility and scope of new
security holes large.

I realize that we've found bugs in firewall products. Bugs have been found
in virtually everything. The question is not whether it's *possible* that
we will find an exploitable problem in a given computing component, but
whether it is *likely* that we will. From this, we can gauge whether the
rewards of deploying something outweigh the risks. 

I submit that it is likely that we will find bugs in switches, because
switches are performance-enhancing devices that are not (AFAIK) designed
with security as a priority. I submit it is unlikely that we will find a
bug (easily) in any given application gateway firewall.

-----------------------------------------------------------------------------
Thomas H. Ptacek                                        Secure Networks, Inc.
-----------------------------------------------------------------------------
http://www.enteract.com/~tqbf    "If you're so special, why aren't you dead?"
