
qmail is a program written in C which runs on UNIX. Trying to secure that is a near impossible task.

Building a secure system would basically need to start from scratch with a microkernel which supported a sandboxed OS written in an interpreted language. Even then, drivers and HW would need to be treated with the utmost care.

Granted, actually building such a system would be horribly expensive and probably take the better part of a decade, but it's still possible.

need to start from scratch with a microkernel which supported a sandboxed OS written in an interpreted language

Didn't Microsoft already do this with Singularity?

Granted, actually building such a system would be horribly expensive and probably take the better part of a decade, but it's still possible

I don't think it would be so horribly expensive. The Lisp machine software was written by a team of 8 or so. The effort for an OS is probably commensurate with BeOS. That's expensive, but not horribly so. Retarget a C compiler for your VM bytecodes, or better yet, just have everything run in a NaCl sandbox. Instead of bytecodes, have your virtual ISA be pseudo x86 or ARM instructions. Then port a lot of GNU code over.


qmail is a program written in C which runs on UNIX. Trying to secure that is a near impossible task.

What are you talking about? There hasn't been a published security flaw in qmail yet.


It's easy to specify secure systems that don't do anything in the real world.


I completely agree.
