[Mailman-Users] Question about 2.1.5 Install

John Dennis jdennis at redhat.com
Mon Nov 1 18:53:12 CET 2004


On Sat, 2004-10-30 at 23:08, Branden Simbeck wrote:
> I have a server using a chrooted environment for my various websites
> (running 3 websites). Specifically I am running on a Red Hat server with Ensim
> basic. Are there any modifications to Mailman 2.1.5, outside the regular
> configuration, to make it work in a chrooted environment?

Is a chroot jail worth it? Chroot jails can be compromised. Mailman does
not run in isolation; it has a heavy interaction with your MTA and your
web server, and it also depends on cron. Both MTA and HTTP servers now reach
their tentacles into the overall system very far when trying to utilize
various authentication methods, LDAP, etc. Communication between these
various components is mostly done via sockets. All of this has to be
visible in the chroot, AND all changes outside the chroot have to be
reflected back into the chroot; it's enormous. Even Wietse Venema, the
author of Postfix, has cooled his earlier recommendation for chroot
environments. By all means go for it, just don't underestimate the task
and weigh the cost against the benefit. Eschewing chroot and instead
focusing on best practices, aggressive tracking of security updates, and
possible adoption of SELinux (verdict on SELinux is still out) is
probably a more realistic security approach than chroot isolation. Just
my opinion ...

-- 
John Dennis <jdennis at redhat.com>



