docs/diploma

diff thesis/tex/5-Improvements.tex @ 406:1d527ad76c97

spell checking
author meillo@marmaro.de
date Sun, 08 Feb 2009 23:51:48 +0100
parents e57129f57faa
children
line diff
     1.1 --- a/thesis/tex/5-Improvements.tex	Sun Feb 08 23:18:15 2009 +0100
     1.2 +++ b/thesis/tex/5-Improvements.tex	Sun Feb 08 23:51:48 2009 +0100
     1.3 @@ -32,7 +32,7 @@
     1.4  The third file controls the configuration files. New configuration options need to be added. The encryption policy for incoming connections needs to be defined. Three choices seem necessary: no encryption, offer encryption, insist on encryption. The encryption policy for outgoing connections should be part of each route setup. The options are the same: never encrypt, encrypt if possible, insist on encryption.
     1.5  \index{configuration}
     1.6  
     1.7 -\subsubsection*{Depencencies}
     1.8 +\subsubsection*{Dependencies}
     1.9  
    1.10  \NAME{STARTTLS} uses \NAME{TLS} encryption which is based on certificates. Thus the \MTA\ needs its own certificate. This should be generated during installation. A third party application like \name{openssl} should be taken for this job. The encryption itself should also be done using an available library. \name{openssl} or a substitute like \name{gnutls} does then become a dependency for \masqmail. \name{gnutls} seems to be the better choice because the \name{openssl} license is incompatible to the \NAME{GPL}, under which \masqmail\ and \name{gnutls} are covered.
    1.11  \index{tls}
    1.12 @@ -553,7 +553,7 @@
    1.13  \index{qmail}
    1.14  \index{root privilege}
    1.15  
    1.16 -The \name{queue-in} module is the part of the system that is most critical about permission. It either needs to run as deamon or be \name{setuid} or \name{setgid} in order to avoid a world-writable queue. \person{Ian~R.\ Justman} recommends to use \name{setgid} in this situation:
    1.17 +The \name{queue-in} module is the part of the system that is most critical about permission. It either needs to run as daemon or be \name{setuid} or \name{setgid} in order to avoid a world-writable queue. \person{Ian~R.\ Justman} recommends to use \name{setgid} in this situation:
    1.18  \index{setuid}
    1.19  
    1.20  \begin{quote}
    1.21 @@ -561,7 +561,7 @@
    1.22  \hfill\cite{justman:bugtraq}
    1.23  \end{quote}
    1.24  
    1.25 -\person{Bernstein} chose \name{setuid} for the \name{qmail-queue} module, \person{Venema} uses \name{setgid} in \postfix, yet the differences are small. Better than running the module as a deamon is each of them. A deamon needs more resources and therefore becomes inefficient on systems with low mail amount, like the ones \masqmail\ will probably run on. Short running processes are additionally higher obstacles for intruders, because a process will die soon if an intruder managed to take one over.
    1.26 +\person{Bernstein} chose \name{setuid} for the \name{qmail-queue} module, \person{Venema} uses \name{setgid} in \postfix, yet the differences are small. Better than running the module as a daemon is each of them. A daemon needs more resources and therefore becomes inefficient on systems with low mail amount, like the ones \masqmail\ will probably run on. Short running processes are additionally higher obstacles for intruders, because a process will die soon if an intruder managed to take one over.
    1.27  \index{qmail}
    1.28  \index{postfix}
    1.29  \index{setuid}