The Fundamental Rules That Secure qmail

Thomas Ptacek | November 23rd, 2005 | Filed Under: Defenses

In the qmail security guarantee, back in 1996, Dan Bernstein attributed the success of his architecture to 7 “fundamental rules”:

1. Don’t treat programs and files as addresses.

2. Do as little as possible in setuid programs.

3. Do as little as possible as root.

4. Move seperate functions into mutually untrusting programs.

5. Don’t parse.

6. Keep it simple, stupid.

7. Write bug-free code.