Marc Haber <exim-users.exim.org@???> probably said:
> I feel that exim being a monolithic setuid binary is a major risk.
> Even if there is no exploit, the mere chance of exim being vulnerable
> this way is a big argument that is heavily used by qmail and postfix
> advocates. But probably changing this into a small, control process
> running as root and doing work in non-setuid binaries that are only
> invoked with user privileges would be too big a change.
This is very arguable.
exim's code is very modular, which gives it a much lower risk even
monolithic, and as has been shown with postfix and other things it is
possible to have far more problems with inter-process and
inter-section communication than problems caused by well designed
monolithic binaries.
Swings and roundabouts - try and avoid one problem, you walk into a
lot more.
P.
--
pir pir@??? pir@???
