Re: zmailer

[Andy Poling <andy@realbig.com>]

On Thu, 24 Jul 1997, Alexis Yushin wrote:
> Once Matti Aarnio wrote:
> >	I have a priorization at checking on things:
> >	- is it potential security leak ?
> >	- does it cause core-drops ?
> >	- is it slow ?
> >	- is it too ugly to watch ?
> >	- all other stimuli I get
> >	Order of the last three may vary.
> 
>         Yes, but I think the highest priority still should be
> core dumps/misbehaviour because on in a large scale environments
> like what ZMailer is supposed to be used in the worst thing is
> when the thing breaks down at nigh or trash some mail. You may
> be hacked once or not and they may succeed or not but if it
> misbehaves you are definitely in trouble. Can make a company out
> of business as well, half a day of no mail is enough for it in
> fact.

Sorry Alexis, but you're just plain wrong.  You must have never suffered a
security incident, or you would know that absolutely *nothing* is worse.  A
bad security incident can put a company out of business in seconds.
Otherwise, it will still take much more work to recover from a security
incident than a core dump in your mail system.

If nothing else, those naughty child monkey-see-monkey-do "crackers" are
usually more malicious than any programming error in ZMAILER.  :-)

I think Matti's priority list is correct, though I would list "does it cause
misbehavior without a memory fault?" before "does it cause core-drops ?"
since they can be much harder to spot/debug.

If core dumps worry you more than security, just send us all your root
password and we'll check your $POSTOFFICE directory for core dumps once in a
while. :-) :-) :-)

-Andy

Global Auctions