On Sep 12, 2006, at 6:35 PM, Darrin Chandler wrote:

> On Tue, Sep 12, 2006 at 06:21:44PM -0700, Mike Garfias wrote:
>> I have never seen a compelling reason to run chrooted.
>
> Exposed services always have vulnerabilities. Maybe none that are  
> known
> right now, but they're in there. Chroot can mitigate the damage  
> when/if
> somebody exploits a hole. Not picking on postfix here. It's just a  
> Good
> Idea(tm) where it's practical. And, really, it ain't that hard to  
> move a
> few things into a chroot.

Actually, it can be.  Try keeping a symlink to a socket for a service  
that can go up and down in a chroot jail.  Its not easy
Like I said, I haven't seen a compelling reason (for me) to run  
postfix chrooted.  In any case, some part of the app has to leave the  
jail at some point, so you still have an attack vector.

I am well aware of the possibilities for compromise, but its a  
calculated risk.


>
>> And it makes things much easier when you start extending the system.
>
> Security v. convenience is an old battle. Security usually loses.

There is a trade off.  Hell, there is an old battle of safety vs  
getting things done.  Most of us drive cars even when we realize the  
possibilities for violent impacts with other cars. 
  
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss