I was reading this article[1] which was featured on LWN[2] some days ago. The blog post is about systemd sandboxing and a possible way to prevent remote code execution, as recently with the OpenSMTPD bug. In order to secure a daemon one has to know about the required syscalls, the capabilities which are needed and so on.

Would it be possible for the Exim project to provide some insights into which syscalls, capabilities, access to directories and so on are required? That would enable admins like me to restrict exim even more. Although systemd is Linux specific, using this knowledge to restrict exim could benefit installations on different systems.

[1] https://www.ctrl.blog/entry/systemd-opensmtpd-hardening.html
[2] https://lwn.net/Articles/812125/

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
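The post asks how one would learn the syscalls and capabilities a daemon needs before sandboxing it. The script below is an added example, not part of the original post and not code from the Exim project: it turns the summary that `strace -f -c` prints for a traced exim run into a `SystemCallFilter=` allow-list and writes a systemd drop-in around it. The strace summary is a constructed sample, and the capability set and the spool, log and mailbox paths in the drop-in are assumptions for a typical Debian-style MTA layout, not a verified list of what Exim requires.

```bash
#!/bin/sh
# Added example (not from the original post or the Exim project): derive a
# SystemCallFilter= line from an `strace -f -c` summary and emit a systemd
# drop-in for exim. Capabilities and paths are assumptions for a typical MTA
# layout; verify them against your own build and workload.

# Constructed sample of what `strace -f -c -o summary.txt exim -bd -q30m`
# writes to summary.txt after a short run (real output has many more rows).
SAMPLE_STRACE_SUMMARY='% time     seconds  usecs/call     calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
 40.00    0.000400          10        40           read
 20.00    0.000200          10        20         3 openat
 15.00    0.000150          15        10           setresuid
 15.00    0.000150          15        10           setresgid
 10.00    0.000100          10        10           bind
------ ----------- ----------- --------- --------- ----------------
100.00    0.001000                    90         3 total'

# Keep only data rows (first field numeric), drop the "total" row, take the
# syscall name from the last column, and join the unique names with spaces.
syscall_filter_from_summary() {
    printf '%s\n' "$1" |
        awk '$1 ~ /^[0-9.]+$/ && $NF != "total" { print $NF }' |
        sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Write a drop-in that allows the observed syscalls plus systemd's @default
# group (process startup basics; list groups with `systemd-analyze syscall-filter`).
# Returns the path of the file written.
write_dropin() {
    dir="$1"; filter="$2"
    mkdir -p "$dir"
    cat > "$dir/hardening.conf" <<EOF
[Service]
# A call missing from the list fails with EPERM instead of killing the
# process, so a gap shows up in exim's logs rather than as a SIGSYS crash.
SystemCallFilter=@default $filter
SystemCallErrorNumber=EPERM
SystemCallArchitectures=native
# Assumption: binding port 25 plus setuid/setgid and DAC override for
# delivering into other users' mailboxes as root.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETUID CAP_SETGID CAP_CHOWN CAP_DAC_OVERRIDE
ProtectSystem=strict
# Assumption: Debian-style spool, log and mailbox paths.
ReadWritePaths=/var/spool/exim4 /var/log/exim4 /var/mail
ProtectHome=read-only
PrivateTmp=true
EOF
    printf '%s\n' "$dir/hardening.conf"
}

# Stand-alone usage: generate the drop-in into a scratch directory and show it.
if [ "${1:-}" = "--demo" ]; then
    filter=$(syscall_filter_from_summary "$SAMPLE_STRACE_SUMMARY")
    out=$(write_dropin "$(mktemp -d)" "$filter")
    cat "$out"
fi
```

For a real unit the drop-in goes to `/etc/systemd/system/exim4.service.d/hardening.conf` (unit name per distribution) followed by `systemctl daemon-reload`. The allow-list only contains what the traced run exercised, so trace a representative workload (inbound SMTP, TLS, DNS lookups, local and remote delivery, queue runs) before trusting it, and keep `SystemCallErrorNumber=EPERM` during the trial period so an unlisted call produces a logged error rather than a killed process.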
