Re: default MTA for sarge



On Wed, 16 Jul 2003 11:45, Steve Langasek wrote:
> Not to rain on a fellow exim detractor, but there's nothing inherently
> insurmountable about auditing the code paths in a monolithic program
> that run before privileges are dropped.  Either architecture can be
> easily mucked up by someone making code changes that don't belong,
> whether the boundary between privileged and unprivileged code is a
> separate object file or a "Do not enter" sign in the source.

My experience in debugging programs is that large monolithic programs are a 
real bitch to debug.  In a large program it's difficult to trace the flow of 
control as functions call each other all over the source tree.  Also there is 
a limit to the amount of code that you can keep in your head at one time.  If 
you can recall in general terms how 100% of a program works at one time then 
auditing/debugging it is not so difficult.  If you can only recall 10% (due 
to the source being 10* bigger) then it's quite difficult.  If you can recall 
less than 1% and the program is not clearly structured (mail servers are not 
clearly structured because of their design) then debugging or auditing the 
code is beyond the ability of most programmers.

I doubt that I could effectively audit Exim or Sendmail.  I have tried to 
think of a Debian developer who I am confident would have the ability to do 
such auditing and I can't think of anyone (I am not saying that there isn't 
anyone, just that from what I know of the skills of the developers I can't 
name someone who I can be certain could do the job).

The authors of Postfix and Qmail are both competent at such auditing and I 
would trust them to reliably audit Sendmail and Exim.  But they spend all 
their time auditing each other's code and probably couldn't spare the time to 
audit Exim or Sendmail even if they were interested.  ;)


PS  Any Debian developers who are interested in auditing code would probably 
achieve better results with less work by auditing coreutils...

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


