Debian Postfix backports and SASL2
lists.ASkwar at email-server.info
Tue Apr 29 10:26:03 EDT 2003
Markus Welsch wrote:
> I run every single service chrooted since I'm kind of paranoid when it
> comes to security :-). MySQL is running on another host anyways in my case.
Well, I'm also paranoid (maybe not paranoid enough, but I'm working on
it *G*). But for me, it's a good enough start if connections to a
server process are only possible from the server itself; ie. either via
sockets or by binding the server to the loopback device.
So, while in theory it's not a relly clean solution to move certain
sockets into a chroot of something else, it's a very practical solution,
> > But aren't TCP connects slower than socket connects? That's the
> > reason why I always use sockets.
> True, about 10%
Dunno if this number is correct, but I'll take your word for it. And
since this is such a high number, I don't quite see why I should take
this performance penalty just for a security risk which I don't see in
the first place :).
Signatur vorübergehend deaktiviert.
More information about the Info-cyrus