Why does dovecot require mysql?

Scot L. Harris webid at cfl.rr.com
Mon Jan 17 16:34:39 UTC 2005


On Mon, 2005-01-17 at 04:08, Rahul Sundaram wrote:
> Hi
> 
> > > You are overstating the security risk of a single library package that
> > > is unused.
> > >
> > 
> > Single library?  It looked to me as if the whole set of files that make
> > up mysql and postgresql were being pulled in and loaded on the system.
> 
> 
> bloat is a more valid point than security risks IMHO.
> 
> disabled services don't present much of a security risk.

Bloat is good enough reason to split these dependencies out.  No
argument there.

But don't ignore the security implications.  Having unneeded code on the
system even with the service disabled may provide someone with access to
the system (either a known user or a hacker that gets user level
privileges through another exploit) the bootstrap needed to get root
privileges.  

Difficult? Yes.  But by using best practices and keeping as much unused
unneeded code off a server as possible you eliminate such possibilities
100%.  


-- 
Scot L. Harris
webid at cfl.rr.com

It's a very *__UN*lucky week in which to be took dead.
		-- Churchy La Femme 



