Re: restricing few users from sending/receiving attachments in postfix and in sendmail

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2006-01-24 at 23:51 +1100, John Francis wrote:
> Ok, so you can stop MIME and UUE attachments.  But I think Paul was
> correct in stating that it will still be possible to send arbitrary
> file types.  Given any transport that can send bytes of data between
> two computers, you can always use it to transfer arbitrary data.  A
> sophisticated user may get around the limitations imposed by his
> network administrator by designing his own encoding method (or using
> mime or uue without well know header values).
> 
> It's like they say with security be it physical or electronic: there
> is no way to make a break-in impossible it's just a matter of making
> it as difficult as possible given your budget (of time, money, loss of
> functionality, etc).

That's certainly true.  But if you were in an office environment, you'd
not just lock down the server, but each client machine.  You'd regulate
them so they couldn't run anything other than pre-approved programs,
which would stop them installing something new, or running something
inserted on a disk.  You'd also lockout changes to configurations of
existing programs.

If you didn't do all of that, then as you say, half-security isn't doing
you any real good.  You delude yourself that your system is safe, and
don't even bother to check.

For good security, you need a real multi-user system, one designed to
let them all do their bit, but not stuff up someone else.  Windows just
isn't true multi-user.  It might support different configurations for
different users, but that's not multi-user.

-- 
Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux