FC4 slimfast slimfest
Paul A. Houle
ph18 at cornell.edu
Fri Feb 25 14:01:11 UTC 2005
On Thu, 24 Feb 2005 16:50:55 -0600, Jason L Tibbitts III
<tibbs at math.uh.edu> wrote:
>>>>>> "NM" == Nicolas Mailhot <Nicolas.Mailhot at laPoste.net> writes:
>
> NM> You do know that postfix design is a common example in advanced
> NM> security CS courses right?
>
> What on Earth does that have to do with anything? I'm sure advanced
> race mechanics study Ferrari engines, but I don't need one to drive to
> the store.
>
> I guess what you're trying to say is that all of the extra stuff that
> Postfix comes with is secure, so it doesn't hurt anything to have it
> on the machine. That's something definitely contradicted by those
> advanced security CS courses you speak of.
>
Most real postfix installations aren't going to be qualified as secure by
the authors of postfix, because if you want to implement POP
authentication you need to install Cyrus SASL -- which is the kind of
"security" software that introduces two buffer overflows for every
security hole it plugs. Throw in an average virus filter (see
http://news.com.com/Take+three+Antivirus+apps+could+spread+infection/2100-1002_3-5589439.html?tag=nefd.top)
and spam filter and I know it can be cracked. If you made a homebrew
system, it's likely that nobody's going to spend the time to weaponize an
attack, but ship an integrated system with every copy of FC4 and it's
worth the effort.