On Wed, Apr 04, 2001 at 06:51:42PM +0200, Wichert Akkerman wrote:
> Previously Guus Sliepen wrote:
> > I'm against this. I really wish people would stop installing
> > NAT/firewalls/wrappers/jails/etc, which are merely kludges, and would start
> > fixing the real problem.
>
> That is a really simple argument. One of the basics of good security
> is multiple layers of protection. So you make sure that your appliction
> is not exploitable, AND that it doesn't have suid where it isn't needed,
> AND that it runs with resource limits, etc.
True, but people do focus a lot more on the latter while the former would be
The Better Thing to do I think.
In case of sendmail, I do not think the proposed split adds enough security
that it is worth the hassle. I know others think differently, just wanted to
let my opinion be heard.
-------------------------------------------
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@sliepen.warande.net>
-------------------------------------------
See also: http://tinc.nl.linux.org/
http://www.kernelbench.org/
-------------------------------------------
Attachment:
pgpXNtbgronem.pgp
Description: PGP signature