>From: "Rich Lafferty" <[EMAIL PROTECTED]>
> 
> Privilege separation in Postfix and in qmail happen to be implemented
> as separate programs, but that's an implementation issue -- it's not
> more secure *because* of the separate programs, but because of the
> privilege separation the separate programs divide. (Separate programs
> aren't necessary for privilege separation -- see recent OpenSSH
> versions for an example.)

Ahh, but this is precisely why sendmail's milter interface is ideal
here as it permits concurrent processing by other programs
running with different privileges. MIMEDefang runs as a user
with no access to anything but its own spool area and is able
to start additional programs for virus scanning, etc. in that
context.

> As for whether or not the old reasons to avoid Sendmail apply, here's
> *my* reason for using Postfix and qmail on my own systems: Their 
> architecture is designed from the start to be resistant to the sort
> of problems that tend to creep into everybody's code. Assuming that 
> humans will make errors, I'd rather go with the approach that strives
> to minimize the effect of those errors, rather than betting on whether
> Wietse, Dan or Eric is more error-prone.

The split into separate send/receive queue runs with most operations
done under an unprivileged user id fixes most of the old conceptual
problems for sendmail and the milter interface goes beyond the
privilege separation of the others as far as I can see.  Maybe postfix
has something similar, but MIMEDefang doesn't support it.  Unless
something has changed recently, Bernstein doesn't seem to think anyone
needs functionality that he didn't think of (any more than they need
the bandwidth savings of multiple addresses per message...) so I
wouldn't expect qmail to ever allow add-in processing like that.

---
  Les Mikesell
    [EMAIL PROTECTED]



--
Please report bugs to [EMAIL PROTECTED]
Please mail [EMAIL PROTECTED] (only) to discuss security issues
Support for registered customers and partners to [EMAIL PROTECTED]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
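
The point both posts turn on is that the code handling untrusted mail can run under a different uid from the privileged part, whether or not it is a separate program. The sketch below is an added example, not part of the original message and not sendmail, MIMEDefang or OpenSSH code: one program forks a filter child that drops root before it reads the message and hands back a one-byte verdict over a socketpair. Assumed for illustration: UID/GID 65534 as the unprivileged account, the marker header that `scan` looks for, and the A/R/T verdict letters.

```c
#include <grp.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
#define UNPRIV_ID 65534  /* assumption: the "nobody" uid/gid on this host */

/* Give up root for good; any failure is fatal to the caller (fail closed). */
static int drop_privileges(void) {
    gid_t g = UNPRIV_ID;
    if (geteuid() != 0) return 0;             /* already unprivileged */
    if (setgroups(1, &g) || setgid(g) || setuid(UNPRIV_ID)) return -1;
    return setuid(0) == 0 ? -1 : 0;           /* regaining root must not work */
}

/* Hypothetical stand-in for a real scanner: flags a constructed marker. */
static char scan(const char *msg) {
    return strstr(msg, "X-Constructed-Malware:") ? 'R' : 'A';
}

/* Returns 'A' (accept), 'R' (reject) or 'T' (tempfail on any error). */
char filter_message(const char *msg) {
    char buf[4096], v = 'T';
    size_t len = strlen(msg), got = 0;
    int sv[2], status = 0;
    ssize_t n; pid_t pid;
    if (len >= sizeof buf || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return 'T';
    if ((pid = fork()) < 0) { close(sv[0]); close(sv[1]); return 'T'; }
    if (pid == 0) {                           /* child: touches untrusted bytes */
        close(sv[0]);
        if (drop_privileges() < 0) _exit(1);
        while ((n = read(sv[1], buf + got, sizeof buf - 1 - got)) > 0)
            got += (size_t)n;
        if (n < 0) _exit(1);
        buf[got] = '\0';
        v = scan(buf);
        _exit(write(sv[1], &v, 1) == 1 ? 0 : 1);
    }
    close(sv[1]);                             /* parent: never parses the message */
    if (send(sv[0], msg, len, MSG_NOSIGNAL) != (ssize_t)len ||
        shutdown(sv[0], SHUT_WR) < 0 || read(sv[0], &v, 1) != 1 || (v != 'A' && v != 'R'))
        v = 'T';
    close(sv[0]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status))
        v = 'T';
    return v;
}

int main(void) { return filter_message("Subject: constructed\r\n\r\nhi\r\n") != 'A'; }
```

Started as root, the child ends up with no way back to uid 0; started as an ordinary user, the drop is a no-op and only the process boundary remains.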