Why does dovecot require mysql?
Scot L. Harris
webid at cfl.rr.com
Mon Jan 17 16:34:39 UTC 2005
On Mon, 2005-01-17 at 04:08, Rahul Sundaram wrote:
> Hi
>
> > > You are overstating the security risk of a single library package that
> > > is unused.
> > >
> >
> > Single library? It looked to me as if the whole set of files that make
> > up mysql and postgresql were being pulled in and loaded on the system.
>
>
> bloat is a more valid point that security risks IMHO.
>
> disabled services dont present much of a security risk.
Bloat is good enough reason to split these dependencies out. No
argument there.
But don't ignore the security implications. Having unneeded code on the
system even with the service disabled may provide someone with access to
the system (either a known user or a hacker that gets user level
privileges through another exploit) the boot strap needed to get root
privileges.
Difficult? Yes. But by using best practices and keeping as much unused
unneeded code off a server as possible you eliminate such possibilities
100%.
--
Scot L. Harris
webid at cfl.rr.com
It's a very *__UN*lucky week in which to be took dead.
-- Churchy La Femme
More information about the fedora-list
mailing list