Some Thoughts on Security After Ten Years of qmail 1.0

被引:13
作者
Bernstein, Daniel J. [1 ]
机构
[1] Univ Illinois, Dept Math Stat & Comp Sci, Chicago, IL 60607 USA
来源
CSAW'07: PROCEEDINGS OF THE 2007 ACM COMPUTER SECURITY ARCHITECTURE WORKSHOP | 2007年
关键词
Eliminating bugs; eliminating code; eliminating trusted code;
D O I
10.4272/978-84-9745-157-4.ch1
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
The qmail software package is a widely used Internet-mail transfer agent that has been covered by a security guarantee since 1997. In this paper, the qmail author reviews the history and security-relevant architecture of qmail; articulates partitioning standards that qmail fails to meet; analyzes the engineering that has allowed qmail to survive this failure; and draws various conclusions regarding the future of secure programming.
引用
收藏
页码:1 / 10
页数:10
相关论文
共 24 条
[1]  
ACHARYA A, 2000, 9 USENIX SEC S
[2]  
[Anonymous], 2006, CURVE25519 NEW DIFFI
[3]  
[Anonymous], 1997, The Cathedral and the Bazaar
[4]  
[Anonymous], QMAIL
[5]  
ANUPAM V, 1998, 7 USENIX SEC S
[6]  
BADGER ML, 1995, 5 USENIX SEC S
[7]  
BERNSTEIN C, 1996, MODERNISM-MODERNITY, V3, P1, DOI DOI 10.1353/MOD.1996.0043
[8]  
BERNSTEIN DJ, 1996, INTERNET HOST SMTP S
[9]  
BLUM R, 2000, RUNNING QMAIL
[10]  
*COMP EM RESP TEAM, 2002, CA200219 CERT
123