tlug: Re: [sendmail-security@example.com: Sendmail Workaround for Linux Capabilities Bug]



>>>>> "sb" == SL Baur <steve@example.com> writes:

    sb> Simon Cozens <simon@example.com> writes in tlug@example.com:
    >> I've been meaning to look into postfix, but all the articles
    >> I've read about it make it sound fiendishly complex,

    sb> "Fiendishly complex" would be overstating it, I believe.  The
    sb> version I looked at was more complex to configure than
    sb> sendmail though.

    >> and complexity isn't always a virtue when security is
    >> concerned.

    sb> When is it ever a virtue (wrt security)?

When you're out and want to get in.  Isn't that obvious?  :-9

More seriously, if you want to have a complex policy, then complex
configuration will be required.  E.g., open relay vs. no relay is
simple to configure, but unacceptable for a gateway machine.

To implement arbitrary policy, you need Turing capability in your
enforcement engine.  It doesn't get more complex than that ;-)

All you can do is make it easy to implement certain common complex
policies.  If you insist on a simple configuration language, then
other complex policies will be unimplementable.

-- 
University of Tsukuba                Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Institute of Policy and Planning Sciences       Tel/fax: +81 (298) 53-5091
_________________  _________________  _________________  _________________
What are those straight lines for?  "XEmacs rules."
-----------------------------------------------------------------------
Next Meeting (w/ YLUG): June 16 (Fri) 19:00 Mizonoguchi Marui Family 12F
Next Technical Meeting: July 8 (Sat)  13:30 Topic: TBA
-----------------------------------------------------------------------
more info: http://www.tlug.gr.jp        Sponsor: Global Online Japan

