Postfix and procmail

Darrin Chandler dwchandler at stilyagin.com
Tue Sep 12 18:35:51 MST 2006


On Tue, Sep 12, 2006 at 06:21:44PM -0700, Mike Garfias wrote:
> I have never seen a compelling reason to run chrooted.

Exposed services always have vulnerabilities. Maybe none that are known
right now, but they're in there. Chroot can mitigate the damage when/if
somebody exploits a hole. Not picking on postfix here. It's just a Good
Idea(tm) where it's practical. And, really, it ain't that hard to move a
few things into a chroot.

> And it makes things much easier when you start extending the system.

Security v. convenience is an old battle. Security usually loses.

-- 
Darrin Chandler            |  Phoenix BSD Users Group
dwchandler at stilyagin.com   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |


More information about the PLUG-discuss mailing list