LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

LCA: Lessons from 30 years of Sendmail

LCA: Lessons from 30 years of Sendmail

Posted Feb 3, 2011 6:30 UTC (Thu) by cmccabe (guest, #60281)
In reply to: LCA: Lessons from 30 years of Sendmail by HelloWorld
Parent article: LCA: Lessons from 30 years of Sendmail

There's nothing wrong with C. On the other hand, there's a lot of things wrong with writing a daemon that doesn't have proper privilege separation.

P.S. Higher level languages are vulnerable to a variety of attacks that C isn't. For example, eval-based attacks or SQL injection attacks. The solution to these problems is the same: validate user inputs carefully, and structure your application into different components that communicate by message passing, rather than a single giant blob.

(Log in to post comments)

LCA: Lessons from 30 years of Sendmail

Posted Feb 5, 2011 20:59 UTC (Sat) by leoc (subscriber, #39773) [Link]

IMHO the only decent solution to poor programs is to build better programmers who are not ignorant and don't take shortcuts. But of course good programmers and good code cost more time (and money) which is why the market does not select for those traits.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds