[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: default MTA for sarge

* Russell Coker <russell@coker.com.au> [030716 04:11]:
> My SE Linux policy for Postfix and Qmail has different domains for each of the 
> common daemon processes, this gives them greater isolation from each other 
> and the rest of the system than they normally get.  

That's an advantage in the current situation for postfix. (But not even
in the standard installation.) It's a bit unfair for a general comparison 
of seperation in one process to seperation by process limits, as it
compares them by new things basing on processes but orthogonal roles
to user ids.  A monolithic secure design with SELinux in mind would
not only drop uid-privileges but also roles, thus gaining similar
protection like a process seperated approach. (It could of course not
enforce the role to specific code segments, as disallowing the
initial code binding to a socket to spawn procmail, but might gain
from possibilities to devide within processes not effectivly splitting). 

  Bernhard R. Link

Sendmail is like emacs: A nice operating system, but missing
an editor and a MTA.

Reply to: