[cap-talk] Dan Bernstein's qmail security lessons paper

Bill Frantz frantz at pwpconsult.com
Sat Dec 15 16:26:01 EST 2007


"Some thoughts on security after ten years of qmail 1.0"
Daniel J. Bernstein 

<http://cr.yp.to/qmail/qmailsec-20071101.pdf>

This paper has some interesting insights on security engineering a
non-trivial real-world system that should appeal to capability thinkers.
It includes some delightful quotes like:

"I see a huge amount of money and effort being invested in security, and
I have become convinced that most of that money and effort is being
wasted. Most “security” efforts are designed to stop yesterday’s attacks
but fail completely to stop tomorrow’s attacks and are of no use in
building invulnerable software. These efforts are a distraction from
work that does have long-term value."

"I have become convinced that this “principle of least privilege” is
fundamentally wrong. Minimizing privilege might reduce the damage done
by some security holes but almost never fixes the holes. Minimizing
privilege is not the same as minimizing the amount of trusted code, does
not have the same benefits as minimizing the amount of trusted code, and
does not move us any closer to a secure computer system."

"I have discovered that there are two types of command interfaces in the
world of computing: good interfaces and user interfaces."

Cheers - Bill

---------------------------------------------------------------------------
Bill Frantz        |"We used to quip that "password" is the most common
408-356-8506       | password. Now it's 'password1.' Who said users haven't
www.periwinkle.com | learned anything about security?" -- Bruce Schneier