On Wed, Apr 04, 2001 at 06:51:42PM +0200, Wichert Akkerman wrote:
> Previously Guus Sliepen wrote:
> > I'm against this. I really wish people would stop installing
> > NAT/firewalls/wrappers/jails/etc, which are merely kludges, and would start
> > fixing the real problem.
>
> That is a really simple argument. One of the basics of good security
> is multiple layers of protection. So you make sure that your application
> is not exploitable, AND that it doesn't have suid where it isn't needed,
> AND that it runs with resource limits, etc.

True, but people do focus a lot more on the latter while the former would be
The Better Thing to do I think. In case of sendmail, I do not think the
proposed split adds enough security that it is worth the hassle. I know others
think differently, just wanted to let my opinion be heard.

-------------------------------------------
Met vriendelijke groet / with kind regards,
  Guus Sliepen <guus@sliepen.warande.net>
-------------------------------------------
See also: http://tinc.nl.linux.org/
          http://www.kernelbench.org/
-------------------------------------------