D. J. Bernstein writes:
> Sam writes:
> > Generally, it is absurd to make design decisions based on hypothetical
> > security holes in hypothetical library calls, without any factual basis to
> > warrant the hypothetical assumption.
>
> The entire purpose of qmail's uid system is to protect against
> hypothetical bugs. This saves lots of time for people reviewing
> particular aspects of qmail's security: e.g., security for root, and
> security for normal users, and security for local mail.
Sure. You're quite right. For homework, devise two other methods
whereby qmail might fetch it's UIDs. Evaluate their security risk.
Write a persuasive argument for choosing one over the over. This
assignment is due next Monday. It counts for 5% of your grade.
Have a nice vacation; happy holidays!
--
-russ nelson <[EMAIL PROTECTED]> http://crynwr.com/~nelson
Crynwr supports Open Source(tm) Software| PGPok | There is good evidence
521 Pleasant Valley Rd. | +1 315 268 1925 voice | that freedom is the
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | cause of world peace.
