Re: default MTA for sarge
On Wed, 16-07-2003 at 04:08, Russell Coker wrote:
> On Wed, 16 Jul 2003 11:45, Steve Langasek wrote:
> > Not to rain on a fellow exim detractor, but there's nothing inherently
> > insurmountable about auditing the code paths in a monolithic program
> > that run before privileges are dropped. Either architecture can be
> > easily mucked up by someone making code changes that don't belong,
> > whether the boundary between privileged and unprivileged code is a
> > separate object file or a "Do not enter" sign in the source.
>
> My experience in debugging programs is that large monolithic programs are a
> real bitch to debug. In a large program it's difficult to trace the flow of
> control as functions call each other all over the source tree.
Not so in Exim, at least not before dropping the privileges. Have you
ever taken a look at the source code of exim?
It's not because the privilege separation way is a way of securing an
application, that it's the only way of doing so.
> Also there is
> a limit to the amount of code that you can keep in your head at one time. If
> you can recall in general terms how 100% of a program works at one time then
> auditing/debugging it is not so difficult. If you can only recall 10% (due
> to the source being 10* bigger) then it's quite difficult. If you can recall
> less than 1% and the program is not clearly structured (mail servers are not
> clearly structured because of their design)
You may want to explain this statement. Creating a clearly structured
program has nothing to do with what the program does, but rather with
how it's written and how it's documented. At least that's what I was
taught in my first weeks of higher education.
[...]