Re: default MTA for sarge
* Craig Sanders <cas@taz.net.au> [030716 01:10]:
> sorry, there is a profound difference between a) a huge program which runs as
> root (dropping privs or changing uid as needed) and b) having small, easily
> auditable separate processes for whatever root privs are required.
The first difference coming to my mind is that many small programs are
inherently *less* secure, as they give a false feeling of security to
the programmers. (After all, it's about a secure design and to separate
differently trusted sections of code. And thinking about the consequences
over process-borders is much harder).
> the concept of privilege separation isn't new. it shouldn't need to be
> highlighted on a list like debian-devel.
But it should be highlighted that it is the same as with other
things like object orientated programming and so many other things:
I've seen many examples written in C++ with worse object orientated
design than for example the C bindings of gtk.
Or if you like examples of non-computer-related things, imagine how
doors locking automagically when shut may severely reduce a building's
security...
Respectfully,
Bernhard R. Link
--
Sendmail is like emacs: A nice operating system, but missing
an editor and a MTA.