Steve Brewin wrote:
Achieving sysadm trust is not the same as achieving a maximally hardened
solution. Perhaps James could achieve a level of trust from some Unix
sysadms by making it possible to mirror the deployment environments that
they trust. Fine. But as developers we shouldn't be blind
Santiago Gala wrote:
I think a good equilibrium point between the marketing view of
security (making sysadms trust) and purist java technical view would be
to allow James not having to run as root under Unix (to handle protected
ports like 25, 110, etc.) and then securing the rest of the
On Wednesday, July 2, 2003, at 10:46 AM, Serge Knystautas wrote:
Santiago Gala wrote:
I think a good equilibrium point between the marketing view of
security (making sysadms trust) and purist java technical view would
be to allow James not having to run as root under Unix (to handle
protected
On Wednesday, July 2, 2003, at 07:46 AM, Serge Knystautas wrote:
Santiago Gala wrote:
I think a good equilibrium point between the marketing view of
security (making sysadms trust) and purist java technical view would
be to allow James not having to run as root under Unix (to handle
protected
Serge Knystautas wrote:
Santiago Gala wrote:
I think a good equilibrium point between the marketing view of
security (making sysadms trust) and purist java technical view would
be to allow James not having to run as root under Unix (to handle
protected ports like 25, 110, etc.) and then
Some random thoughts--aside from the personal defense against a
perceived attack which I'm not wanting to get involved with. :)
On Wednesday, July 2, 2003, at 12:53 AM, Steve Brewin wrote:
I did say I'm sure that everyone is in favour of hardening James as
much as
possible. It's just that we
* Ask Bjoern Hansen ([EMAIL PROTECTED]) wrote :
On Wed, 2 Jul 2003, James Duncan Davidson wrote:
By changing their id after they launch as root. setuid. Pretty common
thing to do. See man setuid.
With qmail it's even more separated. There's a small program that
opens the port and then
On Sat, 2003-06-28 at 21:06, Stefano Mazzocchi wrote:
Look: everybody on this planet hates sendmail,
That's pretty much a misconception. Sendmail might have a large number
of people that don't like the monolithic approach, but you will find
just as well loads of people that consider sendmail
On 28/6/03 8:06 pm, Stefano Mazzocchi [EMAIL PROTECTED] wrote:
Reading your post that dismisses the UNIX sysadm fears as a thing of the
past [...]
Yeah... And I believe that now I'm finally on the other side... I'll tell
you one thing. SHIT happens, whether you use Qmail, Notes or James. And
Pier,
Yeah... And I believe that now I'm finally on the other side... I'll tell
you one thing. SHIT happens, whether you use Qmail, Notes or James. And
unfortunately YOU are not the ones who get paged at 11:30 pm out
on a dinner
date because the friggin's server has gone down...
Actually
Danny Angus wrote, On 29/06/2003 13.27:
...
James has been described by someone as Apache's best kept secret. I met some guys (ASF members) a year or so ago and some of them were unaware that the ASF had a mailserver project.
James is a killer project, based on solid ideas and in my company
On 27/6/03 17:37, Stefano Mazzocchi [EMAIL PROTECTED] wrote:
And they go around saying that JCP means innovation.
Aren't the same people right now saying that Java DOT-NET means
community-based software development???
I guess that in a world of perennial stagnation, anything that changes
on 6/27/03 5:37 PM Steve Brewin wrote:
- the chance of a JVM exploit.
- potential exploits via native code in
a JDBC driver.
- the use of native code in matchers/mailets,
e.g., the anti-virus matcher.
---
- the use of third party
I admit that doing that is not my highest priority right now. We've
got a lot of nice new contributions that need to be merged.
Noel, I'm not suggesting that you do do it, certainly not that
you do it soon either, chill out man!
LOL Don't worry. It hadn't even occurred to me to take it
On 26/6/03 23:37, Noel J. Bergman [EMAIL PROTECTED] wrote:
Pier had pretty rock solid arguments *not* to use JAMES as a MTA
and all came from the sysadm paranoia
One example would be that you run James as root in order to access the
privileged ports. And if James runs as root for the
From: Adrian Sutton [EMAIL PROTECTED]
On which platforms? And are we talking about the same thing? Are you
saying that if I do
export CATALINA_BASE=/site1; startup.sh
export CATALINA_BASE=/site2; startup.sh
export CATALINA_BASE=/site3; startup.sh
...
export
Well, all decent OSes... You won't find fork in stupid WindoSH...
According to market researcher OneStat.com, Windows now controls 97.46
percent of the global desktop operating system market, compared to just 1.43
percent for Apple Macintosh and 0.26 percent for Linux.
Do you have statistics on
Stephano wrote:
And in order to do this, we must commit a few sins, one of which could
be compiling our existing code for .NET CLI
Funny you should mention that... because I'm porting the Mailet API to .NET.
The problem isn't with the API, but with the dependence on javax.mail in
particular
Don't know if Pier is subscribed to James-dev ..
-Original Message-
From: Richard O. Hammer [mailto:[EMAIL PROTECTED]
Sent: 27 June 2003 15:02
To: James Developers List
Subject: Re: WORA Considered Evil ;-)
Pier Fumagalli wrote:
All those components must run ... (for security
Stefano Mazzocchi wrote:
1) we have no access to the JVM code, we can't make it faster, even if
we wanted and knew how (java would be *so* much faster if we could
reimplement part of the standard library natively! especially Strings!)
But you can reimplement parts of the standard library
Steve and Kenny,
There is a balance. Not all of Pier's issues may apply, but many of the
important ones do.
Frankly, I don't want to run anything at root that can avoid it. That is
just good practice.
Consider Vincenzo's anti-spam matcher. Would you want that to run as root?
I am not
I don't see Java as glue because it portrays integration with
non-Java as anathema.
It favors portability, which means that the abstractions have to be
portable. No reason why you can't have glue classes using JNI to call
things, but I would expect whatever is part of a standard distribution
Noel,
I'm sure that everyone is in favour of hardening James as much as possible.
It's just that we should approach it from a Java perspective, not a C on Unix
one. The issues are different.
Frankly, I don't want to run anything at root that can avoid
it. That is
just good practice.
Sure,
[WORA] is the reason why we basically have mod_* where * is any
programming language, but not mod_java
for apache 2.0, a JNI-based mod_java is perfectly valid
architecturally, but nobody works on it
Well, there seems to be a JNI (in-process) worker on some platforms, but
personally I
At 04:03 PM 26/06/2003, you wrote:
True, Java is not a systems
programming language. But without WORA, I do
not believe that Java would have the success that it has on the
server.
Yes. As dogmatic as Sun has been about pure Java it's still a
success factor in the adoption of Java. There's still
Glen Stampoultzis [EMAIL PROTECTED] writes:
Yes. As dogmatic as Sun has been about pure Java it's still a
success factor in the adoption of Java. There's still no other
platform out there that makes it as easy as Java to write for
multiple platforms.
Errr... really?
--
David N. Welton
on 6/26/03 8:03 AM David N. Welton wrote:
Glen Stampoultzis [EMAIL PROTECTED] writes:
Yes. As dogmatic as Sun has been about pure Java it's still a
success factor in the adoption of Java. There's still no other
platform out there that makes it as easy as Java to write for
multiple
on 6/26/03 11:28 AM Stefano Mazzocchi wrote:
So, we created the Mailet API and started JAMES, later we had Federico
involved that did most of the coding.
The above is not painting the picture correctly. Federico did the POP3
server and the first Avalon integration, while Serge did the SMTP
[Reply in multiple pieces based on sub-topic]
A problem with multiple JVM instances is the lack of sharing between
multiple instances.
on some operating systems, different JVMs share as much as 80% of
their memory.
I would like to see the JVM/JIT generate and share common class
code
[Reply in multiple, shorter, pieces based on sub-topic]
However, having something like httpd front-end lots of backend JVMs on
multiple machines is nice.
Hey, I know that. I was one of the designers of mod_jserv, you know? ;-)
Let me think ... mod_jserv ... would that be the thing I
On which platforms? And are we talking about the same thing? Are you
saying that if I do
export CATALINA_BASE=/site1; startup.sh
export CATALINA_BASE=/site2; startup.sh
export CATALINA_BASE=/site3; startup.sh
...
export CATALINA_BASE=/siteN; startup.sh
service james start
that the N
[Reply in multiple pieces based on sub-topic]
A few months ago, I had a very interesting conversation with Pier on
JAMES.
Thanks for the background. I'd heard some of it from Serge over time. And
the servlet topic gets brought up from time to time by people who see the
obvious similarities,
And now for the fun part...
On 26/6/03 17:28, Stefano Mazzocchi [EMAIL PROTECTED] wrote:
[...]
Java doesn't have concepts like native process forking capabilities, no
notion of OS security, nothing that cannot be found in all OS is present
and, if present in different ways, it's virtualized.