On Tue, Sep 12, 2006 at 06:21:44PM -0700, Mike Garfias wrote:
> I have never seen a compelling reason to run chrooted.

Exposed services always have vulnerabilities. Maybe none that are known
right now, but they're in there. Chroot can mitigate the damage when/if
somebody exploits a hole. Not picking on postfix here. It's just a Good
Idea(tm) where it's practical. And, really, it ain't that hard to move a
few things into a chroot.

> And it makes things much easier when you start extending the system.

Security v. convenience is an old battle. Security usually loses.

-- 
Darrin Chandler            |  Phoenix BSD Users Group
dwchandler@stilyagin.com   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss