Thoughts on the Security of qmail
Dan Bernstein wrote an interesting paper on the security lessons he’s learned from qmail.
My views of security have become increasingly ruthless over the years. I see a huge amount of money and effort being invested in security, and I have become convinced that most of that money and effort is being wasted. Most “security” efforts are designed to stop yesterday’s attacks but fail completely to stop tomorrow’s attacks and are of no use in building invulnerable software. These efforts are a distraction from work that does have long-term value.
Very interesting stuff, some of it counter to conventional security wisdom.
I have become convinced that this “principle of least privilege” is fundamentally wrong. Minimizing privilege might reduce the damage done by some security holes but almost never fixes the holes. Minimizing privilege is not the same as minimizing the amount of trusted code, does not have the same benefits as minimizing the amount of trusted code, and does not move us any closer to a secure computer system.
William Morriss • November 16, 2007 7:38 AM
I’m not sure I agree with the author’s argument that money is being wasted because “Most ‘security’ efforts are designed to stop yesterday’s attacks but fail completely to stop tomorrow’s attacks and are of no use in building invulnerable software.” It seems to me that there’s good value in defending yourself from yesterday’s attacks. For example, you can avoid being victimized by people looking for soft targets using known exploits. Invulnerable software might be nice, but the pursuit of (likely unattainable) invulnerable software shouldn’t distract from the value of learning from the past.
I posted in more detail, including some discussion of legal implications of security at http://ephemerallaw.blogspot.com/2007/11/protecting-against-yesterdays-threats.html.