
Re: Bug#155576: To hack or not to hack



On Thu, Aug 08, 2002 at 09:53:32AM +1000, Brian May wrote:

> On Wed, Aug 07, 2002 at 07:34:32PM -0400, Matt Zimmerman wrote:
> > It is still sent from one program to another, of course, but it is done over
> > a pipe, rather than over a TCP connection.  This eliminates an entire class
> > of bothersome problems, such as network security and access control, and
> > should also perform better.
> 
> You realize of course, that only connections from localhost are accepted,
> seeing it only binds to localhost (or this is a bug otherwise)?

Yes, but a network socket is still a network socket.  Given a pipeline,
there is no way for unprivileged users on the system to access it.  However,
it is quite easy for any user to connect to a daemon bound to localhost.  So
it has to contend with potentially hostile users connecting directly to it,
and stressing its SMTP implementation, while the pipeline version can trust
the MTA.

> The rationale, IMHO is:
> 
> - easier to maintain for up-to-date MTAs.

The configuration looks about the same in terms of complexity; I suppose it
could be easier if one switches MTAs, because the amavisd side of the
configuration should not need to change.

> - no need for MTA to execute separate program that pipes data to
> amavisd and receives result.
> 
> - faster performance as a result of the above.
> 
> - distributed setup.

These seem valid, but most mail systems have relatively low volume, and are
not concerned with performance.

-- 
 - mdz
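
The distinction drawn in this message, as an added example (not part of the original post and not amavisd's code): a filter fed through anonymous pipes has no address other users can reach, while a listener bound to 127.0.0.1 accepts any local process and learns only the loopback address of its peer. The filter stand-in and the function names `scan_over_pipe` and `loopback_daemon_view` are hypothetical, and the sample messages are constructed.

```python
import socket
import subprocess
import sys
import threading

# Constructed stand-in for a content filter: reads a message on stdin, writes a verdict.
FILTER_SRC = "import sys; sys.stdout.write('scanned %d bytes' % len(sys.stdin.buffer.read()))"

def scan_over_pipe(message: bytes) -> str:
    """Pipeline model: the caller spawns the filter and owns both pipe ends.
    The pipes are anonymous, so other unprivileged users have no address to connect to."""
    done = subprocess.run([sys.executable, "-c", FILTER_SRC],
                          input=message, stdout=subprocess.PIPE, check=True)
    return done.stdout.decode()

def loopback_daemon_view(client_bytes: bytes):
    """Daemon model: listen on 127.0.0.1 and report what the daemon learns
    about whoever connected, plus the bytes it now has to parse."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # ephemeral port, loopback only
    srv.listen(1)
    seen = {}

    def accept_one():
        conn, peer = srv.accept()
        with conn:
            seen["peer_ip"] = peer[0]   # the only peer identity TCP offers
            seen["data"] = b"".join(iter(lambda: conn.recv(4096), b""))

    t = threading.Thread(target=accept_one)
    t.start()
    # Any local process can do this; no credential is asked for or sent.
    with socket.create_connection(srv.getsockname()) as c:
        c.sendall(client_bytes)
    t.join()
    srv.close()
    return seen["peer_ip"], seen["data"]

if __name__ == "__main__":
    print(scan_over_pipe(b"Subject: test\r\n\r\nbody\r\n"))
    print(loopback_daemon_view(b"not from the MTA\r\n"))
```
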


