-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi!
Unmounting /var/spool/postfix/proc does apparently not affect anything.
Is there a deeper meaning in it in the end?
My question still is: Why does this affect /proc? If I run postfix in chroot and I want to restart my firewall script it tells /proc is ro and I can't set kernelparameters. If I boot postfix is started after the firewall is initialized - this means at boottime it will set options as I desire. If I want to change things in runtime, e.g. after setup of a new box with a new firewall rule for it, I get the error /proc is ro :) Any conclusions? By the way why is proc mounted ro and rw? Second thing: If I got access to /proc chroot can be escaped and - even it only ro - any malicious user can read files from /proc with the process users rights. This means for me chrooted postfix within SuSE isn't what it's expected to be - any attacker can escape chroot maybe only ro but he/she can. This behavior I got with a self-crafted chroot apache with /proc access as well. Am I right or what did I forget about this? Philippe - -- Diese Nachricht ist digital signiert und enthält weder Siegel noch Unterschrift! Die unaufgeforderte Zusendung einer Werbemail an Privatleute verstößt gegen §1 UWG und 823 I BGB (Beschluß des LG Berlin vom 2.8.1998 Az: 16 O 201/98). Jede kommerzielle Nutzung der übermittelten persönlichen Daten sowie deren Weitergabe an Dritte ist ausdrücklich untersagt! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iQD1AwUBQmxDo0Ng1DRVIGjBAQIdGwb8C160ddL50bS6gzuTRP/DH8AU8SuGI1+Z 6/41gRv7MXwxinFNUIY0Fou/aePyfwlfBmxdhCSjhziAqEusAobop1Xc13Kubd6J NO2c+ANEaW65CyHRZ9Zhcx0zNET6DXKM2oezXwt6pe8rPeprATrNEaRDLeVklJel xpS2f9TW9bF53HaiElFIMzEJdPO4XJTLuOdrucTJRLCYYqtU6f1JgkIttYuy3SjE 8Ht2NE+/jOtPBDdHpNrl56iHWJyjTh05L6JkMCw+EJH+ZoLuwi40fXvoIlmbKuUk 4fhwKwhCSI0= =eAqC -----END PGP SIGNATURE-----