Thanx for all the responses, especially Daniel.
And as Wietse says, lets close the thread...
Regards
On Tue, Feb 1, 2011 at 2:00 AM, Wietse Venema wrote:
> Victor Duchovni:
>> On Mon, Jan 31, 2011 at 05:06:08AM +0100, Morten P.D. Stevens wrote:
>>
>> > Whatever you use, postfix or sendmail ...
Victor Duchovni:
> On Mon, Jan 31, 2011 at 05:06:08AM +0100, Morten P.D. Stevens wrote:
>
> > Whatever you use, postfix or sendmail ... the theoretical risk of
> > attack is exactly the same.
>
> This is nonsense, design matters. Some software is safer by design.
>
> Implementation flaws are sti
On Mon, Jan 31, 2011 at 05:06:08AM +0100, Morten P.D. Stevens wrote:
> Whatever you use, postfix or sendmail ... the theoretical risk of
> attack is exactly the same.
This is nonsense, design matters. Some software is safer by design.
Implementation flaws are still possible, but in *safer by des
2011/1/31 varad gupta :
>
> But then, is postfix not running the same risk as "sendmail" ?
Sendmail is not a security risk. These are old horror stories. Why use big
companies like IBM or Red Hat still sendmail when postfix is supposed to be so
much safer? Why is sendmail the default MTA on Sola
On Jan 30, 2011, at 6:50 PM, Chris Tandiono wrote:
> On 30 Jan 2011, at 18:46 , Victor Duchovni wrote:
>
>> On Mon, Jan 31, 2011 at 08:02:28AM +0530, varad gupta wrote:
>>
>>> Thanx for all the replies - I now understand the reason for master
>>> daemon to run with superuser privileges. They we
On 30 Jan 2011, at 18:46 , Victor Duchovni wrote:
> On Mon, Jan 31, 2011 at 08:02:28AM +0530, varad gupta wrote:
>
>> Thanx for all the replies - I now understand the reason for master
>> daemon to run with superuser privileges. They were really helpful.
>>
>> But then, is postfix not running th
No, quite the opposite. It takes privileges to "drop" privileges. A well
designed system (such as Postfix) is *more* secure by in part using root
privileges to enable it to operate in multiple security contexts.
My short maxim for this is indebted to a marketing campaign:
http://en.wikipe
On Mon, Jan 31, 2011 at 08:02:28AM +0530, varad gupta wrote:
> Thanx for all the replies - I now understand the reason for master
> daemon to run with superuser privileges. They were really helpful.
>
> But then, is postfix not running the same risk as "sendmail" ?
No.
> Does it mean, that unle
ster as root (the same reason for running
>> other processes as unprivileged) ?
>
> No, quite the opposite. It takes privileges to "drop" privileges. A well
> designed system (such as Postfix) is *more* secure by in part using root
> privileges to enable it to operate in
*more* secure by in part using root
privileges to enable it to operate in multiple security contexts.
My short maxim for this is indebted to a marketing campaign:
http://en.wikipedia.org/wiki/Frank_Perdue
"it takes a tough man to make a tender chicken"
By which I mean that
varad gupta:
> Hi
>
> A colleague asked me a question to which I had not given much thought before.
>
> We all know that most postfix daemons/services run as unpriviliged
> users (apart from local and virtual) but the master daemon runs with
> root privileges?
>
&g
* varad gupta :
> Hi
>
> A colleague asked me a question to which I had not given much thought before.
That happens from time to time :)
> We all know that most postfix daemons/services run as unpriviliged
> users (apart from local and virtual) but the master daemon runs with
&g
Hi
A colleague asked me a question to which I had not given much thought before.
We all know that most postfix daemons/services run as unpriviliged
users (apart from local and virtual) but the master daemon runs with
root privileges?
Is it not a risk running master as root (the same reason for
13 matches
Mail list logo
