On Thursday 18 July 2002 11:50 am, Simon Waters wrote:
to be greeted by a nice simple exim config ;)
Come on Theo, Exim has a worse security history than BIND 9 ;)
ohh dear, here we go ;)
If you find yourself at lunch again lobby for Postfix or qmail please....
postfix is great from what i've played with it, qmail, i've not really played that much with, but heard lots of good things about it... I'm a hardcore exim fan, it does what I need it to perfectly, and although i have a few quibbles with exim4, easily fixed them by coding it, and it is nice clean code on the whole.

however, courier is looking increasingly sexy - especially for soho use, nice and easy to configure, and all fits together nicely - however the quality of the mta is yet to be proved, i've never touched it. any comments on any of them?

it may be time for me to write a nice simple sexy MTA, designed for an ISP's needs (not one designed to try to cater for everyone's needs), threaded, taking advantage of libc6, etc...

Hmm, reminds me, i knocked up a small webserver for a proof of concept a few nights ago before i went mad with work, take a peek if you are interested..

http://theo.me.uk/pages.shtml?page=zhpd

it was literally knocked up in a few hours, so it's not exactly stable or working right yet, but it does serve HTML, and has some very odd autoindex ways (images don't work as content-type isn't being set) ;p

the idea behind it is something that has been plaguing me for years, apache's complete lack of vhost and mass hosting support from day 1. While i hear you say 'but it supports vhosts!' it does - but tacked on in an odd way. The idea would be for the *very* core of the server to run as a user with set(e)uid() capabilities to spawn a thread and switch a user in a set group (using capabilities), then when a request that allows the user to execute something is served, a thread switches to that user to serve the request. There are lots of ifs and buts, and if they could be cleared up, it would make my day for security reasons...

In a hosting environment, the only way you can execute CGI scripts as the user themselves is to use suexec, which is fine by itself, but you also have to pipe PHP down the same method so that users can't do evil things like sending a killall to all the apache processes, and even worse, you can't allow SSI because there is no way to make it switch privs, argh. all that is fine in itself, too, but when you host 5000 busy sites running PHP or CGI scripts, watch the load go up .... so instead of using 1 server that could handle (let's say) 5000 sites, you have to use 3 because of the overhead in all the fork()'ing going on. and what's worse, people can't make their scripts use mod_perl, because that runs as the webserver, too. so for ISPs it's a balance between what you offer, security, and use of resources. great!
Simon, who's been playing with dnscache
woo woo! he's seen the light! amen! :p *duck*

~ Theo

-- 
Theo Zourzouvillys
http://zozo.org.uk/
You will be audited by the Internal Revenue Service.

-- 
The Mailing List for the Devon & Cornwall LUG
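An added example, not part of the original post or of any server mentioned in it: the fork-per-request privilege drop that a suexec-style wrapper depends on, with the drop verified before the handler runs. It uses a child process rather than a thread because POSIX setuid() changes the credentials of the whole process; the names serve_as_user, drop_privileges and the sample handlers are hypothetical.

```c
/* Added example (not from the original post): fork-per-request privilege drop. */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently become uid/gid. Groups and gid go first: once the uid is
 * dropped the process no longer has the privilege to change them. */
static int drop_privileges(uid_t uid, gid_t gid)
{
    /* Only root carries inherited supplementary groups it may reset. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    /* Verify instead of trusting return codes alone. */
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    /* A non-root user must not be able to climb back to root. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0)) return -1;
    return 0;
}

/* Run one request handler as the site owner in a child process.
 * Returns the handler's exit code, or -1 if fork or the drop failed
 * (exit code 126 is reserved for a failed drop). */
int serve_as_user(uid_t uid, gid_t gid, int (*handler)(void))
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (drop_privileges(uid, gid) != 0) _exit(126); /* fail closed */
        _exit(handler());
    }
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 126 ? -1 : WEXITSTATUS(status);
}

/* Constructed sample handlers standing in for a CGI/PHP request. */
int ids_are_pinned(void) { return getuid() == geteuid() ? 0 : 1; }
int returns_seven(void) { return 7; }

int main(void)
{
    /* Hypothetical site owner: the current user, so this runs without root. */
    int rc = serve_as_user(getuid(), getgid(), ids_are_pinned);
    printf("handler exit code: %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

The fork() and waitpid() pair in serve_as_user is the per-request cost the message attributes to suexec on busy hosts.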