Debian Postfix backports and SASL2

Alexander Skwar lists.ASkwar at
Tue Apr 29 10:26:03 EDT 2003

Markus Welsch wrote:

> I run every single service chrooted since I'm kind of paranoid when it 
> comes to security :-). MySQL is running on another host anyways in my case.

Well, I'm also paranoid (maybe not paranoid enough, but I'm working on
it *G*).  But for me, it's a good enough start if connections to a
server process are only possible from the server itself; ie. either via
sockets or by binding the server to the loopback device.

So, while in theory it's not a relly clean solution to move certain
sockets into a chroot of something else, it's a very practical solution,
I think.

>  > But aren't TCP connects slower than socket connects?  That's the
>  > reason why I always use sockets.
> True, about 10%

Dunno if this number is correct, but I'll take your word for it.  And
since this is such a high number, I don't quite see why I should take
this performance penalty just for a security risk which I don't see in
the first place :).

Alexander Skwar
Signatur vorübergehend deaktiviert.

More information about the Info-cyrus mailing list