Slashdot Mirror

← Back to Stories (view on slashdot.org)

Qmail At 10 Years — Reflections On Security

Posted by kdawson on from the eliminating-code dept.

os2man writes "Qmail is one of the most widely used MTAs on the Net and has a solid reputation for its level of security. In 'Some thoughts on security after ten years of qmail 1.0' (PDF), Daniel J. Bernstein, reviews the history and security-relevant architecture of qmail; articulates partitioning standards that qmail fails to meet; analyzes the engineering that has allowed qmail to survive this failure; and draws various conclusions regarding the future of secure programming. A good read for anyone involved in secure development."

1 of 304 comments (clear)

  1. Is a sandbox a security solution? by phoebe · · Score: 0, Redundant
    So has DJB talked with Alan Cox recently?

    "chroot is not and never has been a security tool" From the article:

    ... bugs can compromise security. Let's see how we can fix that.
    ...
    * Prohibit filesystem access: chdir and chroot to an empty directory.