
I have a server using a chrooted environment for my various websites (running 3 websites). Specifically, I am running a Red Hat server with Ensim Basic. Are there any modifications to Mailman 2.1.5, outside the regular configuration, to make it work in a chrooted environment?
Branden
Branden Simbeck
Director, Information Technology
Polycystic Ovarian Syndrome Association
www.pcosupport.org <http://www.pcosupport.org/>
Phone: (724) 449-0237

On Sat, 2004-10-30 at 23:08, Branden Simbeck wrote:
> I have a server using a chrooted environment for my various websites (running 3 websites). Specifically, I am running a Red Hat server with Ensim Basic. Are there any modifications to Mailman 2.1.5, outside the regular configuration, to make it work in a chrooted environment?
Is a chroot jail worth it? Chroot jails can be compromised. Mailman does not run in isolation; it has a heavy interaction with your MTA and your web server, and it also depends on cron. Both MTA and HTTP servers now reach their tentacles into the overall system very far when trying to utilize various authentication methods, LDAP, etc. Communication between these various components is mostly done via sockets. All of this has to be visible in the chroot, AND all changes outside the chroot have to be reflected back into the chroot; it's enormous. Even Wietse Venema, the author of Postfix, has cooled his earlier recommendation for chroot environments.

By all means go for it, just don't underestimate the task, and weigh the cost against the benefit. Eschewing chroot and instead focusing on best practices, aggressive tracking of security updates, and possible adoption of SELinux (verdict on SELinux is still out) is probably a more realistic security approach than chroot isolation. Just my opinion ...
-- John Dennis <jdennis@redhat.com>