Pier mentioned this point repeatedly, asserting that security can be gained by running the various pieces of the MTA under different users' privileges. Since I also lack sysadmin experience, I wonder if someone could tell me the motivation for this precaution. Historically, what went wrong that caused sysadmins to prefer running separate pieces of an MTA under separate users' privileges?

You are correct; it is a holdover from dealing with so many applications written in C. The paranoia comes from what's called a buffer overflow exploit. In C, if you write special data into memory that goes beyond the end of an allocated memory chunk, then the attacker can gain access to a shell prompt running as the owner of the process. This means, if you were running it as root, the attacker now has root access. However, if you segment the whole setup into multiple pieces with multiple users and one of the pieces suffers from a buffer overflow exploit, then the attacker only gains access to a very small piece of the system. It's all about minimizing the potential damage should a programming bug be found.


Java, however, doesn't suffer from this kind of attack because the JVM does bounds checking on your memory, so you can't overflow a buffer.

Kenny Smith
JournalScape.com
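The two points in the reply above, privilege dropping and the bounds check C leaves to the programmer, as an added C example that is not part of the original thread or of any MTA's code; the account name "mta-unpriv" is a placeholder and the oversized input is constructed.

```c
#define _DEFAULT_SOURCE 1   /* expose setgroups() in glibc headers */
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Drop to uid/gid permanently. Order matters: supplementary groups first
 * (only possible, and only needed, while root), then gid, then uid last,
 * because after setuid() we may no longer change groups.
 * Returns 0 on success, -1 with errno set on failure. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Confirm the drop is irreversible: regaining root must now fail. */
    if (uid != 0 && setuid(0) == 0) { errno = EPERM; return -1; }
    return 0;
}

/* The bounds check C leaves to the programmer (the JVM does it for you):
 * copy src into dst only if it fits, otherwise refuse and leave dst empty.
 * Returns 0 if copied, -1 if src plus its NUL does not fit in dstsz bytes. */
int bounded_copy(char *dst, size_t dstsz, const char *src) {
    size_t n = strlen(src);
    if (dstsz == 0) return -1;
    if (n + 1 > dstsz) { dst[0] = '\0'; return -1; }
    memcpy(dst, src, n + 1);
    return 0;
}

int main(void) {
    /* "mta-unpriv" is a placeholder account name; if it does not exist the
     * program falls back to its own ids so the drop becomes a no-op. */
    struct passwd *pw = getpwnam("mta-unpriv");
    uid_t uid = pw ? pw->pw_uid : getuid();
    gid_t gid = pw ? pw->pw_gid : getgid();
    /* ... open port 25 and other root-only resources here, before the drop ... */
    if (drop_privileges(uid, gid) != 0) { perror("drop_privileges"); return 1; }
    char buf[16];   /* constructed oversized input is refused, not overflowed */
    const char *line = "constructed header longer than sixteen bytes";
    printf("copy: %s\n", bounded_copy(buf, sizeof buf, line) == 0 ? "ok" : "refused");
    printf("now uid %u gid %u\n", (unsigned)getuid(), (unsigned)getgid());
    return 0;
}
```

Anything the process does after drop_privileges() runs with the unprivileged account only, which is exactly the damage limit the reply describes.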

