On Fri, Jun 04, 2004 at 06:03:23PM +1000, Russell Coker wrote: > On Fri, 4 Jun 2004 05:57, Luke Kenneth Casson Leighton <lkcl@xxxxxxxx> wrote: > > ?all in the same single monolithic daemon that bound itself > > ?to several different ports and several different unix domain > > ?sockets, you wouldn't seriously consider saying that "this > > ?hybrid is a trusted application" would you? > > "trusted" in this context does not mean "the code is great and we can totally > trust it", but rather "due to the design of the system we have no choice but > to trust it as it can totally break the security if it has a problem". well, the thing is that if you use samba-tng, you _do_ have a choice. each service is separated into its own daemon. you might want to mention this to the samba team because they were totally (and technically unjustifiable) unreasonably adamant that no such thing would be implemented in samba(3). "it's too slow" "using unix domain sockets is insecure" were my favourites. l.
