On 2023/10/01 14:14, ports@phosphorus.com.br wrote:
> Inline.
>
> On 9/30/23 10:57, Theo de Raadt wrote:
> > ports@phosphorus.com.br wrote:
> >
> > > Unfortunately I like/use exim for years - pretty simple config file syntax.
> > Yes, you like unsafe software.
> That hurts, but yes, seems like. Until a brave guy stops to
> code and make the patches inserting privsep into exim.

it's not a "just insert some patches" thing, it would mean a big
re-design.
"brave" isn't a required attribute for doing work like that.
"smart", maybe.
and, "guy"? that just doesn't come into it.

> > > https://seclists.org/oss-sec/2023/q3/254
> > >
> > > So... I suppose those fixes were shared also with Exim's OpenBSD maintainers?
> > Wow. Are you not listening? They didn't fix anything.
> >
> Would you recommend alternatives also with a monolithic-like
> and easy configuration file?

the monolithic design is part of the problem.
it makes it hard to run various parts of the system with minimum
privileges.
this segregated multiple process design seen early on with qmail and
vmailer (now postfix) is a pretty good way to improve safety. in
particular it means the OS/MMU can provide memory protection between the
different parts of the system.
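
The memory protection between processes described above, as an added example that is not part of the original thread or of any mail server's code: an untrusted parser runs in a forked child and reports over a pipe, so its memory corruption and crash never reach the parent. The names `parse_untrusted`, `parse_in_child` and `queue_state`, and the sample messages, are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

static char queue_state[16] = "spool-intact"; /* parent-only state (constructed) */

/* Hypothetical parser with a simulated memory bug on malformed input. */
static void parse_untrusted(const char *msg, int out_fd)
{
    if (strncmp(msg, "MAIL FROM:<", 11) != 0) {
        memset(queue_state, 'X', sizeof(queue_state) - 1); /* child's copy only */
        abort();
    }
    size_t n = strcspn(msg + 11, ">");
    if (write(out_fd, msg + 11, n) != (ssize_t)n)
        _exit(1);
}

/* Returns 0 and fills out on success, -1 if the parser process failed. */
int parse_in_child(const char *msg, char *out, size_t outlen)
{
    int fds[2], status;
    if (outlen == 0 || pipe(fds) == -1)
        return -1;
    pid_t pid = fork();
    if (pid == -1) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {   /* child: a real one would also drop uid, chroot, etc. */
        close(fds[0]);
        parse_untrusted(msg, fds[1]);
        _exit(0);
    }
    close(fds[1]);
    ssize_t n = read(fds[0], out, outlen - 1);
    close(fds[0]);
    out[n > 0 ? n : 0] = '\0';
    if (waitpid(pid, &status, 0) == -1)
        return -1;
    return (n > 0 && WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
    char a[64];
    int ok = parse_in_child("MAIL FROM:<a@example.org>", a, sizeof a);
    int bad = parse_in_child("garbage", a, sizeof a);
    printf("ok=%d bad=%d state=%s\n", ok, bad, queue_state);
    return 0;
}
```

In a monolithic design the same `memset` would overwrite the live `queue_state`; here the parent only observes a failed child and continues with its own memory untouched.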