unsubscribe
-----Original Message-----
From: Theo v. Werkhoven [mailto:twe-suse.sec@ferrets4me.xs4all.nl]
Sent: Wednesday, April 27, 2005 02:07 PM
To: suse-security@suse.com
Subject: Re: [suse-security] SuSEconfig and read-only proc in 9.2
On Sun, 24 Apr 2005, Joe made the net somewhat safer by saying:
On Sonntag, 24. April 2005 17:43 Theo v. Werkhoven wrote:
On Sat, 23 Apr 2005, Joe made the net somewhat safer by saying:
On Samstag, 23. April 2005 03:38 Joe Knall wrote:
[..]
Unmounting /var/spool/postfix/proc does apparently not affect anything.
Is there a deeper meaning in it in the end?
This question is still open. Is there anybody in the know? Thanks for your comments
Don't enable chroot for Postfix, unless you know what you're doing.
Theo
Well, that may be correct. Would you mind providing me any enlightening link or so to let me really make the net somewhat safer?
The topic regularly comes up in the Postfix mailing list. There's a script in the Postfix documentation directory to set up chroot without the special SuSE tricks.
/usr/share/doc/packages/postfix/examples/chroot-setup/LINUX2
Btw, my chrooted apaches, mysql and squid all work well without a proc filesystem within their jails, but those are self-made. With postfix I just a feature included in delivery. And that's one of the reasons why I still ask for the meaning behind this config of postfix or whatever may be behind it.
I can't guess the reasons behind SuSE's implementation of the chroot environment for Postfix; I do know that Postfix's author tells people that chroot isn't an end to all security problems and it can be more trouble than it's worth.
Theo
--
Theo v. Werkhoven Registered Linux user# 99872 http://counter.li.org
ICBM 52 13 26N , 4 29 47E. + ICQ: 277217131
SUSE 9.2 + Jabber: muadib@jabber.xs4all.nl
Kernel 2.6.8 + See headers for PGP/GPG info.
Claimer: any email I receive will become my property. Disclaimers do not apply.
participants (1)
-
Eric Lalande