Postfix and procmail

Mike Garfias mike at garfias.org
Tue Sep 12 19:32:32 MST 2006


On Sep 12, 2006, at 6:35 PM, Darrin Chandler wrote:

> On Tue, Sep 12, 2006 at 06:21:44PM -0700, Mike Garfias wrote:
>> I have never seen a compelling reason to run chrooted.
>
> Exposed services always have vulnerabilities. Maybe none that are known
> right now, but they're in there. Chroot can mitigate the damage when/if
> somebody exploits a hole. Not picking on postfix here. It's just a Good
> Idea(tm) where it's practical. And, really, it ain't that hard to move a
> few things into a chroot.

Actually, it can be.  Try keeping a symlink to a socket for a service  
that can go up and down in a chroot jail.  It's not easy.
Like I said, I haven't seen a compelling reason (for me) to run  
postfix chrooted.  In any case, some part of the app has to leave the  
jail at some point, so you still have an attack vector.

I am well aware of the possibilities for compromise, but it's a
calculated risk.


>
>> And it makes things much easier when you start extending the system.
>
> Security v. convenience is an old battle. Security usually loses.

There is a trade-off.  Hell, there is an old battle of safety vs
getting things done.  Most of us drive cars even when we realize the  
possibilities for violent impacts with other cars. 
  

