Re: default MTA for sarge
* Craig Sanders <cas@taz.net.au> [030716 01:10]:
> sorry, there is a profound difference between a) a huge program which runs as
> root (dropping privs or changing uid as needed) and b) having small, easily
> auditable separate processes for whatever root privs are required.

The first difference coming to my mind is that many small programs are
inherently *less* secure, as they give a false feeling of security to
the programmers. (After all, it's about a secure design and about
separating differently trusted sections of code. And thinking about the
consequences across process borders is much harder.)

> the concept of privilege separation isn't new.  it shouldn't need to be
> highlighted on a list like debian-devel.

But it should be highlighted that it is the same as with other
things, such as object-oriented programming and so many others:
I've seen many examples written in C++ with worse object-oriented
design than, for example, the C bindings of gtk.

Or if you like examples of non-computer-related things, imagine how
doors locking automagically when shut may severely reduce a building's
security...

Respectfully,
  Bernhard R. Link

-- 
Sendmail is like emacs: A nice operating system, but missing
an editor and a MTA.

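As an added illustration of the "huge program which runs as root (dropping privs)" model from the quoted message, the following C program shows the one thing such a program must get right: dropping root permanently and in the correct order, then verifying that root cannot be regained. This is editorial example code, not code from the thread or from any MTA; it assumes a Linux/POSIX system, and the "nobody" account it drops to when started as root is an assumption about the host.

```c
/* privdrop.c - added example: permanently drop root privileges and
 * verify the drop.  Editorial example, not code from the thread. */
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently switch to uid/gid.  Returns 0 on success, -1 on failure
 * with errno set.  The order matters: supplementary groups and the
 * primary group must be changed first, because once the effective uid
 * is no longer 0 the process can no longer change its group ids. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0) {
        /* Clearing supplementary groups needs CAP_SETGID, so it is
         * only attempted while still root.  Forgetting this step is
         * the classic mistake: the process keeps e.g. the "shadow"
         * group even though it "dropped" root. */
        if (setgroups(0, NULL) != 0)
            return -1;
    }
    /* setgid()/setuid() (not setegid()/seteuid()) also reset the saved
     * set-ids, which is what makes the drop irreversible. */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;

    /* Verify the drop.  After a correct switch to a non-root uid,
     * setuid(0) must fail; if it succeeds, only the effective id was
     * changed and root is still reachable. */
    if (uid != 0 && setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        errno = EINVAL;
        return -1;
    }
    return 0;
}

int main(void)
{
    uid_t uid = getuid();
    gid_t gid = getgid();

    if (geteuid() == 0) {
        /* Started as root: pick an unprivileged account.  "nobody" is
         * an assumption about the system; adjust as needed. */
        struct passwd *pw = getpwnam("nobody");
        if (pw == NULL) {
            fprintf(stderr, "no 'nobody' account on this system\n");
            return 1;
        }
        uid = pw->pw_uid;
        gid = pw->pw_gid;
    }
    if (drop_privileges(uid, gid) != 0) {
        fprintf(stderr, "drop_privileges: %s\n", strerror(errno));
        return 1;
    }
    printf("running as uid=%d gid=%d; root cannot be regained\n",
           (int)getuid(), (int)getgid());
    return 0;
}
```

Run it as root and it drops to "nobody"; run it unprivileged and it simply re-asserts its own ids, which is also why the verification step at the end is useful: the same function works in both cases and refuses to report success if any id is not what was asked for.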