
Re: default MTA for sarge



* Russell Coker <russell@coker.com.au> [030716 04:11]:
> My SE Linux policy for Postfix and Qmail has different domains for each of the 
> common daemon processes, this gives them greater isolation from each other 
> and the rest of the system than they normally get.  

That's an advantage in the current situation for postfix. (But not even
in the standard installation.) It's a bit unfair for a general comparison 
of separation in one process to separation by process limits, as it
compares them by new things based on processes but orthogonal roles
to user ids.  A monolithic secure design with SELinux in mind would
not only drop uid-privileges but also roles, thus gaining similar
protection to a process separated approach. (It could of course not
enforce the role to specific code segments, as disallowing the
initial code binding to a socket to spawn procmail, but might gain
from possibilities to divide within processes not effectively splitting). 

Yours respectfully,
  Bernhard R. Link

-- 
Sendmail is like emacs: A nice operating system, but missing
an editor and a MTA.


