On Mon, 13 Dec 2010, Graeme Fowler wrote:
> To cut to the chase (I hope I'm not really as dumb as I make out): are
> we looking at a significant architectural change here, really? It
> strikes me that having a single binary responsible for everything is a
> bit of a limiting factor in terms of risk management, especially given
> the setuid nature of the installation. If we separated out the local
> delivery process (for example) to be a binary in and of itself then the
> potential for exploitation is reduced.

It was a common criticism of sendmail that it was one monolithic binary,
where a bug in one part gets you access to the whole; the criticism was
easily transferred to Exim subsequently. The critics were generally qmail
supporters, but probably postfixers too - I know fairly little of either,
but I'm sure others here could speak to the ways that they have gone
around separating out the different functions of the MTA (MDA, etc.) into
separate binaries.

I'm sure Philip has passed commentary on this situation in the past. For
the moment, I just find the comment in paragraph 2:

http://wiki.exim.org/EximIntroduction

Jethro.

. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks, Network Manager,
Information Services Directorate, University Of Strathclyde, Glasgow, UK
The University of Strathclyde is a charitable body, registered in
Scotland, number SC015263.