Re: Why does dovecot require mysql?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
Subject: Re: Why does dovecot require mysql?
From: "Scot L. Harris" <webid@xxxxxxxxxx>
Date: Mon, 17 Jan 2005 11:34:39 -0500
In-reply-to: <[email protected]>
List-archive: <https://www.redhat.com/archives/fedora-list>
List-help: <mailto:[email protected]?subject=help>
List-id: For users of Fedora Core releases <fedora-list.redhat.com>
List-post: <mailto:[email protected]>
List-subscribe: <http://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=subscribe>
List-unsubscribe: <http://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=unsubscribe>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]>
Reply-to: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>

On Mon, 2005-01-17 at 04:08, Rahul Sundaram wrote:
> Hi
> 
> > > You are overstating the security risk of a single library package that
> > > is unused.
> > >
> > 
> > Single library?  It looked to me as if the whole set of files that make
> > up mysql and postgresql were being pulled in and loaded on the system.
> 
> 
> bloat is a more valid point that security risks IMHO.
> 
> disabled services dont present much of a security risk. 

Bloat is good enough reason to split these dependencies out.  No
argument there.

But don't ignore the security implications.  Having unneeded code on the
system even with the service disabled may provide someone with access to
the system (either a known user or a hacker that gets user level
privileges through another exploit) the boot strap needed to get root
privileges.  

Difficult? Yes.  But by using best practices and keeping as much unused
unneeded code off a server as possible you eliminate such possibilities
100%.  

-- 
Scot L. Harris
webid@xxxxxxxxxx

It's a very *__UN*lucky week in which to be took dead.
		-- Churchy La Femme

References:
- Why does dovecot require mysql?
  - From: Scot L. Harris
- Re: Why does dovecot require mysql?
  - From: Rahul Sundaram
- Re: Why does dovecot require mysql?
  - From: Scot L. Harris
- Re: Why does dovecot require mysql?
  - From: Rahul Sundaram
- Re: Why does dovecot require mysql?
  - From: Rahul Sundaram
- Re: Why does dovecot require mysql?
  - From: Scot L. Harris
- Re: Why does dovecot require mysql?
  - From: Rahul Sundaram
- Re: Why does dovecot require mysql?
  - From: Scot L. Harris
- Re: Why does dovecot require mysql?
  - From: Warren Togami
- Re: Why does dovecot require mysql?
  - From: Scot L. Harris
- Re: Why does dovecot require mysql?
  - From: Rahul Sundaram

Prev by Date: Re: Why do I need mDNSResponder/howl?
Next by Date: Re: Which 'bind' does Network Manager want?
Previous by thread: Re: Why does dovecot require mysql?
Next by thread: Re: Why does dovecot require mysql?
Index(es):
- Date
- Thread

[Index of Archives] [Current Fedora Users] [Fedora Desktop] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]

Powered by Linux