Subject: Re: spamd (was Re: CVS commit: src/etc)
To: Jim Wise <jwise@draga.com>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: tech-userlevel
Date: 04/11/2005 11:11:49
In message <Pine.NEB.4.62.0504111101420.495@himring.draga.com>, Jim Wise writes
:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On Mon, 11 Apr 2005, YAMAMOTO Takashi wrote:
>
>>> I have a real problem with it -- it should not be $PATH-dependent
>>> whether typing `spamd' starts the daemon which could be necessary to
>>> mail delivery or some other barely-spam-related daemon.
>>
>>well, does your PATH include /usr/libexec?
>>is it a common usage?
>
>Look, I know you're interested in winning the argument at this point,
>but are you _really_ arguing that it's _good_ practice to have two
>different binaries with the same name but completely different functions
>on the system?
>
>Really?
>
>I mean that doesn't even pass the laugh test -- just look at all the
>confusion the difference between banner(1) and banner(6) have caused
>over the years, and those aren't even programs people use almost any of
>the time...
What Jim said. This is a seriously bad idea; it violates the rule of
least surprise. That's bad enough in normal situations; here, we're
talking about security. You do *not* want to confuse people about
security features; they're hard enough to get right as is.
--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb