From owner-freebsd-chat Sat Feb 3 10: 0:53 2001 Delivered-To: freebsd-chat@freebsd.org Received: from guru.mired.org (okc-65-26-235-186.mmcable.com [65.26.235.186]) by hub.freebsd.org (Postfix) with SMTP id 815BB37B4EC for ; Sat, 3 Feb 2001 10:00:36 -0800 (PST) Received: (qmail 72228 invoked by uid 100); 3 Feb 2001 18:00:35 -0000 From: Mike Meyer MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <14972.18243.202141.968666@guru.mired.org> Date: Sat, 3 Feb 2001 12:00:35 -0600 (CST) To: Rahul Siddharthan Cc: Terry Lambert , j mckitrick , freebsd-chat@FreeBSD.ORG Subject: Re: D J Bernstein (was Re: quote about open source) In-Reply-To: <20010203135902.M94275@lpt.ens.fr> References: <20010202140505.B91552@dogma.freebsd-uk.eu.org> <200102022245.PAA15968@usr08.primenet.com> <20010203135902.M94275@lpt.ens.fr> X-Mailer: VM 6.75 under 21.1 (patch 10) "Capitol Reef" XEmacs Lucid X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG% *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\ Sender: owner-freebsd-chat@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Rahul Siddharthan types: > I admit I'm no expert in programming: but his approach to security > seems to be an innovation already, like using small independent programs > running under their own non-root UIDs, and minimising the number and > power of suid programs needed. Looks obvious, but why didn't > sendmail and bind get there first? To answer the last question - because they were written when only responsible adults had internet access, or "when we were all friends" (I think those are Eric Fair's words). Compare this to BSD Unix vs. Windows: Windows grew up in a single-tasking, single-user environment, so that if a program altered things it didn't own, it was inevitably a bug. BSD Unix grew up in a university environment, with many students with no free time trying to break into them - so it wasn't at all uncommon for a program to try something it shouldn't just to see what would happen. You might also consider the many security features of SMTP of that era. As for the approach, I'm pretty sure that those aren't original to qmail. WN & GN come to mind. There's at least one tool - I believe it's in the TIS fwtk - that ran an smtp daemon to accept messages and drop them in a queue, then ran sendmail to deliver them - the performance pretty much sucked, though. DJB was the first person to apply them to a publicly released MTA, though. http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message