[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: sendmail and suidness (or lack thereof)



On Wed, Apr 04, 2001 at 06:51:42PM +0200, Wichert Akkerman wrote:

> Previously Guus Sliepen wrote:
> > I'm against this. I really wish people would stop installing
> > NAT/firewalls/wrappers/jails/etc, which are merely kludges, and would start
> > fixing the real problem.
> 
> That is a really simple argument. One of the basics of good security
> is multiple layers of protection. So you make sure that your appliction
> is not exploitable, AND that it doesn't have suid where it isn't needed,
> AND that it runs with resource limits, etc.

True, but people do focus a lot more on the latter while the former would be
The Better Thing to do I think.

In case of sendmail, I do not think the proposed split adds enough security
that it is worth the hassle. I know others think differently, just wanted to
let my opinion be heard.

-------------------------------------------
Met vriendelijke groet / with kind regards,
  Guus Sliepen <guus@sliepen.warande.net>
-------------------------------------------
See also: http://tinc.nl.linux.org/
          http://www.kernelbench.org/
-------------------------------------------

Attachment: pgpW6kLqZqczh.pgp
Description: PGP signature


Reply to: