Postfix and procmail
Darrin Chandler
dwchandler at stilyagin.com
Tue Sep 12 18:35:51 MST 2006
On Tue, Sep 12, 2006 at 06:21:44PM -0700, Mike Garfias wrote:
> I have never seen a compelling reason to run chrooted.
Exposed services always have vulnerabilities. Maybe none that are known
right now, but they're in there. Chroot can mitigate the damage when/if
somebody exploits a hole. Not picking on postfix here. It's just a Good
Idea(tm) where it's practical. And, really, it ain't that hard to move a
few things into a chroot.
> And it makes things much easier when you start extending the system.
Security v. convenience is an old battle. Security usually loses.
--
Darrin Chandler | Phoenix BSD Users Group
dwchandler at stilyagin.com | http://bsd.phoenix.az.us/
http://www.stilyagin.com/ |
More information about the PLUG-discuss
mailing list