On Friday, 11 October 2002 01:22, Tommy Wareing wrote:
>
> There's the question of security: this now allows a breached
> postfix to rewrite resolv.conf for the rest of my machine, although
> only that single file. So it's safer than not chroot-ing, but not as
> good as fixing all the applications which write to resolv.conf
> (linuxconf and dhcp being the two I can think of, but there may be
> sufficient others to mean this isn't viable).
>
> Of course, if we ever have two different chroot'd applications, this
> won't be viable, so in the long term, it's still a potential problem.

With the resolv.conf there is a simple solution: setting up a local caching-only nameserver and ignoring the warning of postfix for different resolv.conf file. BTW: only the master daemon of postfix runs as root. All the others are running as postfix and cannot change resolv.conf.

Martin

>
> But at least I can continue to outfunction all our office Solaris
> boxes ;-)

--
------------------------------------------------------------
H E L I X Gesellschaft für Software & Engineering mbH
------------------------------------------------------------
Hanauer Landstrasse 52         Telefon (069) 4789 35-30
60314 Frankfurt am Main        Telefax (069) 4789 35-44
------------------------------------------------------------
http://www.helix-gmbh.net      [EMAIL PROTECTED]
------------------------------------------------------------
