sendmail and suidness (or lack thereof)

On Wed, Apr 04, 2001 at 06:51:42PM +0200, Wichert Akkerman wrote:

> Previously Guus Sliepen wrote:
> > I'm against this. I really wish people would stop installing
> > NAT/firewalls/wrappers/jails/etc, which are merely kludges, and would start
> > fixing the real problem.
> That is a really simple argument. One of the basics of good security
> is multiple layers of protection. So you make sure that your application
> is not exploitable, AND that it doesn't have suid where it isn't needed,
> AND that it runs with resource limits, etc.

True, but people do focus a lot more on the latter while the former would be
The Better Thing to do I think.

In the case of sendmail, I do not think the proposed split adds enough security
that it is worth the hassle. I know others think differently, just wanted to
let my opinion be heard.

