On Mon, 13 Dec 2010, Graeme Fowler wrote: > To cut to the chase (I hope I'm not really as dumb as I make out): are > we looking at a significant architectural change here, really? It > strikes me that having a single binary responsible for everything is a > bit of a limiting factor in terms of risk management, especially given > the setuid nature of the installation. If we separated out the local > delivery process (for example) to be a binary in and of itself then the > potential for exploitation is reduced.
It was a common criticism of sendmail that it was one monolithic binary, where a bug in one part gets you access to the whole; the criticism was easily transferred to Exim subsequently. The critics were generally qmail supporters, but probably postfixers too - I know fairly little of either, but I'm sure others here could speak to the ways that they have gone around separating out the different functions of the MTA (MDA, etc) into separate binaries. I'm sure Philip has passed commentary on this situation in the past. For the moment, I just find the comment in paragraph 2: http://wiki.exim.org/EximIntroduction Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks, Network Manager, Information Services Directorate, University Of Strathclyde, Glasgow, UK The University of Strathclyde is a charitable body, registered in Scotland, number SC015263. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
