Beefy Boxes and Bandwidth Generously Provided by pair Networks
Welcome to the Monastery

Re: [OT] Some thoughts on security after ten years of qmail 1.0

by kyle (Abbot)
on Nov 06, 2007 at 21:24 UTC ( #649347=note: print w/replies, xml ) Need Help??

in reply to [OT] Some thoughts on security after ten years of qmail 1.0

The author tries to give the impression that qmail has been through a real usage workout (used at very large sites, has lots of installations), and I certainly can't say for sure otherwise. Still, I'm not very convinced that qmail has had the eyeballs and testing to really call it as solid as the author would like to call it.

I had a look at the Debian popularity contest numbers. There are four times more sendmail installations than qmail, and there are eight times more Postfix installations than sendmail. All of these are well behind exim, which is Debian's default.

The author tries to argue that minimizing privileges of trusted code is a distraction. He basically says that if it's trusted and it has a bug, it's still a security problem. That's true as far as it goes, but I think it misses the point of minimizing privileges. The point is to reduce the severity of problems created by bugs. This is similar to how I reduce the severity of my daughter's injuries by letting her use safety scissors rather than a chainsaw. Sure, she could still put an eye out if she really tries, but if I've saved her from losing a limb, I think it's a good policy. Sometimes you can't (or don't have time to) fix all the bugs in a program, but you can make the bugs it has do less damage.

He has good things to say about being secure but less efficient, as clinton has already highlighted.

  • Comment on Re: [OT] Some thoughts on security after ten years of qmail 1.0

Replies are listed 'Best First'.
Re^2: [OT] Some thoughts on security after ten years of qmail 1.0
by tilly (Archbishop) on Nov 07, 2007 at 02:08 UTC
    I guarantee that qmail has been through the workout that he describes.

    I have no idea what current stats are, but his claim is based on things like this survey he did in late 2001. Based on those numbers, qmail certainly was widely used, particularly at very busy sites. (Particularly Critical Path.) To the best of my knowledge it still is popular for busy sites, though it is not widely deployed among home users. (Which is what the Debian popularity contest shows.) Furthermore his licensing makes it much less popular for a system like Debian. Not only is his software not free by Debian standards, but he does not allow vendors to change his filesystem layout for qmail. That reduces acceptance quite a bit.

    Also given the security claims he made for it then, and the reputation he has, I guarantee that his codebase has been audited. (In fact I personally know more than one person who has audited his code.) That he would only have 4 bugs reported is (by industry standards) nothing short of astounding. Even though further review might find more bugs, I'm confident it wouldn't find many more. And it would certainly not find anything close to the number of problems that there are in sendmail.

    In short, when it comes to security, Dan Bernstein has a well-deserved reputation as an overbearing obnoxious jerk. But he has earned the right to be one, and you should take him seriously.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://649347]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others taking refuge in the Monastery: (5)
As of 2022-08-10 20:26 GMT
Find Nodes?
    Voting Booth?

    No recent polls found