Re: Spoofing as the postmaster

* Trevor Talbot (quension@gmail.com) wrote:
> There are various platform-specific security features that might be
> useful, like reserved port ranges and file permissions, but they are
> so specific to the scenario they're designed for that it's hard to
> create a generic solution that works well by default -- especially if
> you want to run without requiring administrative privileges in the
> first place.

Agreed.  A guarentee that the process listening on a particular port is
what you're expecting isn't something that upstream can give.  It needs
to be done through some situation-specific mechanism.  There are a
number of options here, of course: SSL, Kerberos, SELinux, even things
like the tiger IDS.  Reserved ports really aren't all that great a
solution in the end anyway, to be honest.
Enjoy,
    Stephen