
Re: default MTA for sarge



On Tue, Jul 15, 2003 at 11:22:02AM -0400, Noah L. Meyerhans wrote:
> On Wed, Jul 16, 2003 at 12:12:59AM +1000, Craig Sanders wrote:
> > while (AFAIK) there are no current exploits for exim, that is more by accident
> > or luck than by design - the monolithic mail daemon running as root design is
> > inherently insecure.  
> 
> OK, Craig, this statement betrays your ignorance.  You clearly don't
> know enough about exim to make a significant contribution to this
> conversation.
> 
> Exim *does not run as root*.  OK?  It starts as root to bind to port 25.
> Period.  It then drops root privileges and runs as uid mail.  Deliveries
> are not done as root, but as mail.

sorry, there is a profound difference between a) a huge program which runs as
root (dropping privs or changing uid as needed) and b) having small, easily
auditable separate processes for whatever root privs are required.

the concept of privilege separation isn't new.  it shouldn't need to be
highlighted on a list like debian-devel.


craig
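
Design (b) from the message above, as an added example that is not part of the original post or of any MTA's code: a small helper that only binds the port hands the listening socket over a Unix socket (SCM_RIGHTS) to a separate worker that has already given up root. All function names are hypothetical, and `main` uses port 0 and the caller's own uid so the sketch runs without root; a real mail daemon would pass port 25 and the ids of its unprivileged account.

```c
#include <grp.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

typedef union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } fdmsg;

/* Small root helper: bind the port, pass the listener on, keep nothing. */
static int helper_bind_and_send(int chan, unsigned short port) {
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(port),
                             .sin_addr = { htonl(INADDR_LOOPBACK) } };
    int ls = socket(AF_INET, SOCK_STREAM, 0);
    if (ls < 0 || bind(ls, (struct sockaddr *)&a, sizeof a) || listen(ls, 16)) return -1;
    char b = 0; fdmsg ctl = {{0}}; struct iovec iov = { &b, 1 };
    struct msghdr m = { .msg_iov = &iov, .msg_iovlen = 1,
                        .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS; c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &ls, sizeof ls);
    int rc = sendmsg(chan, &m, 0) == 1 ? 0 : -1;
    close(ls); return rc;
}

/* Worker: gives up root irreversibly first, then receives the socket. */
static int worker_recv_listener(int chan, uid_t uid, gid_t gid) {
    if (geteuid() == 0 && uid != 0 && (setgroups(0, NULL) || setgid(gid) ||
                                       setuid(uid) || setuid(0) == 0))
        return -1;                          /* drop failed or could be undone */
    char b; fdmsg ctl; struct iovec iov = { &b, 1 };
    int fd, on = 0; socklen_t len = sizeof on; struct cmsghdr *c;
    struct msghdr m = { .msg_iov = &iov, .msg_iovlen = 1,
                        .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    if (recvmsg(chan, &m, 0) != 1 || !(c = CMSG_FIRSTHDR(&m)) || c->cmsg_type != SCM_RIGHTS) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return (getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &on, &len) == 0 && on) ? fd : -1;
}

/* Runs both halves; returns 0 if the worker ended up holding a listening socket. */
int privsep_demo(unsigned short port, uid_t uid, gid_t gid) {
    int sp[2], st; pid_t pid;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) || (pid = fork()) < 0) return -1;
    if (pid == 0) { close(sp[0]); _exit(worker_recv_listener(sp[1], uid, gid) >= 0 ? 0 : 1); }
    close(sp[1]);
    int rc = helper_bind_and_send(sp[0], port);
    close(sp[0]);                           /* EOF unblocks the worker if the helper failed */
    return (waitpid(pid, &st, 0) == pid && rc == 0 && WIFEXITED(st) && WEXITSTATUS(st) == 0) ? 0 : -1;
}

int main(void) { return privsep_demo(0, getuid(), getgid()) ? 1 : 0; } /* constructed inputs */
```

The code that ever holds root is `helper_bind_and_send` alone, which is the part that has to be audited; the worker that would parse untrusted mail never runs with uid 0.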


