undefined | Better HN

0 pointspeterwwillis8y ago0 comments

I don't understand what this has to do with my comment.

0 comments

> it would then have to find a way to attack the rest of the app (which qmail makes difficult).

It's not necessary to attack the rest of the app as soon as user's security requirements are violated. So if an attacker had been able to have an impact on confidentiality, integrity or availability because of your masquerading patch, user's requirements would have been broken. For an impact on availability controlling control flow isn't necessary, you just need to crash components.

peterwwillisOP8y ago

Yes, you are right. An exploit is still viable even if it doesn't attack other parts of a system.

My point was that with a default of secure design, even small exploits added via plugins are better defended against than my alternative option, which was sendmail (i'm sure Exim wouldn't have been quite as horrible as sendmail, and Postfix wasn't quite mature yet).

j / k navigate · click thread line to collapse

0 comments

irundebian8y ago

> it would then have to find a way to attack the rest of the app (which qmail makes difficult).

peterwwillisOP8y ago

Yes, you are right. An exploit is still viable even if it doesn't attack other parts of a system.

j / k navigate · click thread line to collapse