On 2024-12-20 08:03, Michael Tokarev via Postfix-users wrote: >> >> And then you're going to watch this list and respond accordingly? ;) > > Absolutely. This is exactly why I asked in the first place. > I don't see why you're smiling there.
Because it's overly optimistic and unreliable scenario. We're all humans, nothing will be supported by us forever. Well-written code is self-explanatory, explicit or documented exactly for that reason, sometimes not understood by younger ones. Starting with still missing rationale, what are you trying to accomplish here. Can you name one realistic or three theoretical threats that you want to mitigate by all that work? You say "local is non-chrootable" - I say local is the mostly exposed, running user-provided content, binary and environment. It's the local which can exploit CVE in your kernel. You're not preventing any of this. Would your chroot prevent any remote escalation? How? It doesn't prevent code execution (if some injection bug were found). It doesn't create unbreakable filesystem barrier, keeping away more from all the non-root daemons, and the rootful ones can still do anything they want. If you have tickets and users report problems with chroot being on by default by distro decision, just switch if off and follow upstream defaults. If you want to improve security, stop hand waving and resolve potentially exploitable areas (I've already mentioned several). _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
