[ On Saturday, July 8, 2000 at 12:02:20 (-0400), Richard Welty wrote: ]
> Subject: Re: [Exim] Question about exims security vs qmail?
>
> exim's design came from a different place; it doesn't have the strong
> security model
I don't think there's anything fundamental about the security model of
exim (or smail or sendmail) which is less "strong" in general than that
of Postfix or qmail.
The only problem is that traditionally it has been "difficult" to
securely implement this model. Smail showed that there were ways to
approach the problems which avoided these difficulties, and Exim takes
those ideas even further. (eg. never trusting either the content or
length of input supplied by the user, either over the network or
locally, and always protecting trusted actions)
There are still risks possible in the implementation of this model (as
have been demonstrated in real life with sendmail, and to some extent
with smail too! ;-), but I don't think it's fair to say that the
sendmail/smail/exim model itself is weak.
I.e. I don't think it is possible any more to show that it is
fundamentally easier to implement the qmail/Postfix model than it is to
implement the sendmail/smail/exim model, and thus that argument for
declaring that the latter is more weak is unfounded. There may be other
arguments stating that one model is better than the other that I'm
forgetting at the moment though....
--
Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods@???> <robohack!woods>
Planix, Inc. <woods@???>; Secrets of the Weird <woods@???>
