Message-ID: <3E149148.83AA6E9B@mindspring.com>
Date: Thu, 02 Jan 2003 11:21:44 -0800
From: Terry Lambert
To: sthaug@nethelp.no
Cc: freebsd-current@FreeBSD.ORG
Subject: Re: 5.0-RC2 informal PR: 90 sec sendmail delay

sthaug@nethelp.no wrote:
> > > If there are problems, the authors would like to hear
> > > about it directly, instead of reading it in some mailing
> > > list by accident...
> >
> > It's an editorial complaint. I don't like breaking the
> > program into separate programs by function. IMO, DJB is wrong,
> > and this does nothing to enhance security.
>
> It's not only DJB. Take a look at Postfix, which also has a good
> reputation for security. Postfix consists of separate programs
> with well defined privileges. Wietse Venema has been quite clear
> that such a separation was the only way he could guarantee the
> security of Postfix.

Functional decomposition is only a tool. It is not the sole
tool capable of performing any task.

I understand why Wietse felt that way, but his feeling that way
doesn't make it true, any more than Daniel feeling that way makes
it true.

In fact, in this case, the only thing it succeeds in doing is to
provide insurance that a breach will be constrained to a lesser
(user) privilege level, rather than providing protection against
the breach occurring in the first place. It's basically nothing
more than a containment protocol.

FWIW, I think doctors should treat diseases, and not merely the
symptoms.

-- Terry