
Re: default MTA for sarge



On Wed, Jul 16, 2003 at 12:08:58PM +1000, Russell Coker wrote:
> On Wed, 16 Jul 2003 11:45, Steve Langasek wrote:
> > Not to rain on a fellow exim detractor, but there's nothing inherently
> > insurmountable about auditing the code paths in a monolithic program
> > that run before privileges are dropped.  Either architecture can be
> > easily mucked up by someone making code changes that don't belong,
> > whether the boundary between privileged and unprivileged code is a
> > separate object file or a "Do not enter" sign in the source.

> My experience in debugging programs is that large monolithic programs are a 
> real bitch to debug.  In a large program it's difficult to trace the flow of 
> control as functions call each other all over the source tree.  Also there is 
> a limit to the amount of code that you can keep in your head at one time.  If 
> you can recall in general terms how 100% of a program works at one time then 
> auditing/debugging it is not so difficult.  If you can only recall 10% (due 
> to the source being 10* bigger) then it's quite difficult.  If you can recall 
> less than 1% and the program is not clearly structured (mail servers are not 
> clearly structured because of their design) then debugging or auditing the 
> code is beyond the ability of most programmers.

> I doubt that I could effectively audit Exim or Sendmail.  I have tried to 
> think of a Debian developer who I am confident would have the ability to do 
> such auditing and I can't think of anyone (I am not saying that there isn't 
> anyone, just that from what I know of the skills of the developers I can't 
> name someone who I can be certain could do the job).

Never having looked at the code to exim, I can't comment on the
specifics of the architecture; I do, however, maintain that in a
well-structured codebase, there is a clear delineation between
privileged and non-privileged code, whether monolithic or not, such that
the difference in the amount of code that needs to be audited is
negligible.  It may be that exim's code is not so well structured, which
is something to consider -- but the claim being advanced was that exim's
flaw is the monolithic form factor.

-- 
Steve Langasek
postmodern programmer
