Re: sendmail and suidness (or lack thereof)
Previously Guus Sliepen wrote:
> I'm against this. I really wish people would stop installing
> NAT/firewalls/wrappers/jails/etc, which are merely kludges, and would start
> fixing the real problem.
That is a really simple argument. One of the basics of good security
is multiple layers of protection. So you make sure that your appliction
is not exploitable, AND that it doesn't have suid where it isn't needed,
AND that it runs with resource limits, etc.
/ Nothing is fool-proof to a sufficiently talented fool \
| firstname.lastname@example.org http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |