[ On Tuesday, December 18, 2001 at 23:16:49 (-0500), Theo Schlossnagle wrote: ]
> Subject: Re: [Exim] Exim and IBM DB2
>
> I have well over 50 such machines (growing every day). Distributing
> updates to my Exim systems via propagating a shared module to all of
> these servers would be _much_ easier than modifying Exim and
> restarting. Also, the code generation and maintenance issue is
> simplified tremendously -- I don't have to recompile Exim every time I
> make a code change and I don't have to recompile my modules for new
> releases of Exim assuming the API is preserved.
You do not need dlopen() to be able to distribute new code that Exim can
use without modifying the installed Exim binary. You need only a normal
every day shared library loaded by ld.so which your installed Exim
binary has already been built to use. Exim could even always use a stub
library in order to expose an API that other developers could write new
code for Exim to use.
Obviously you need to restart it, but so go the limits of the Unix
security model. Setuid programs are secure only by virtue of having
been started by the kernel. However restarting a program like Exim is a
very simple and trivial matter -- it takes little time to do and causes
no noticable disruption. If I'm not mistaken exim effectively restarts
itself every time you want it to reload its configuration anyway
(eg. when you send it a SIGHUP does it not just exec() itself again?).
--
Greg A. Woods
+1 416 218-0098; <gwoods@???>; <g.a.woods@???>; <woods@???>
Planix, Inc. <woods@???>; VE3TCP; Secrets of the Weird <woods@???>