Path: utzoo!utgpu!attcan!uunet!auspex!guy
From: guy@auspex.UUCP (Guy Harris)
Newsgroups: comp.unix.wizards
Subject: Re: Internet Virus: SunOS patches
Message-ID: <426@auspex.UUCP>
Date: 10 Nov 88 19:38:02 GMT
References: <76493@sun.uucp> <580@micropen>
Reply-To: guy@auspex.UUCP (Guy Harris)
Organization: Auspex Systems, Santa Clara
Lines: 13

>It's probably in the past enough to wonder what the h&%$ SUN and other vendors
>like Mt. XINU were *thinking of* when they went into the Makefiles and enabled
>the known security risk of sendmail debug mode.

They *didn't* "(go) into the Makefiles and enable ... sendmail debug mode," so
your implied question is meaningless. The 4.3BSD "sendmail" comes, *as
distributed on the 4.3 tape*, with DEBUG defined as "1" in "conf.h" (not the
Makefile, that's not where you turn DEBUG on).

You can argue, probably justifiably, that they should either have turned DEBUG
off when building it, or at least made debug mode not have the side-effect of
allowing addresses other than user names in RCPT lines, but you can also argue
that Berkeley should have done that as well....