Le mer 16/07/2003 à 00:43, Craig Sanders a écrit : > and for smtpd listening too because only root can listen on ports <1024. sure, > some *parts* of a mail system have to have root priviledges, at least some of > the time. that's why modern MTAs (including postfix and qmail) are modular and > have small, easily auditable separate programs for tasks requiring elevated > privs. > > my point was that while the exim code may be currently secure, the design is > inherently insecure. it's a late 80s/early 90s design....things have changed a > lot since then, especially security requirements for MTAs on the 'net. Maybe you should point the apache guys to that issue, they don't seem to be aware of the fact they are using such a deprecated design. Regards, -- .''`. Josselin Mouette /\./\ : :' : josselin.mouette@ens-lyon.org `. `' joss@debian.org `- Debian GNU/Linux -- The power of freedom
Attachment:
signature.asc
Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=