
Re: default MTA for sarge



On Wed 16-07-2003, at 04:08, Russell Coker wrote:
> On Wed, 16 Jul 2003 11:45, Steve Langasek wrote:
> > Not to rain on a fellow exim detractor, but there's nothing inherently
> > insurmountable about auditing the code paths in a monolithic program
> > that run before privileges are dropped.  Either architecture can be
> > easily mucked up by someone making code changes that don't belong,
> > whether the boundary between privileged and unprivileged code is a
> > separate object file or a "Do not enter" sign in the source.
> 
> My experience in debugging programs is that large monolithic programs are a 
> real bitch to debug.  In a large program it's difficult to trace the flow of 
> control as functions call each other all over the source tree.

Not so in Exim, at least not before dropping the privileges. Have you
ever taken a look at the source code of exim?

It's not because the privilege separation way is a way of securing an
application, that it's the only way of doing so.

> Also there is 
> a limit to the amount of code that you can keep in your head at one time.  If 
> you can recall in general terms how 100% of a program works at one time then 
> auditing/debugging it is not so difficult.  If you can only recall 10% (due 
> to the source being 10* bigger) then it's quite difficult.  If you can recall 
> less than 1% and the program is not clearly structured (mail servers are not 
> clearly structured because of their design)

You may want to explain this statement. Creating a clearly structured
program has nothing to do with what the program does, but rather with
how it's written and how it's documented. At least that's what I was
taught in my first weeks of higher education.

[...]


