[mod_python] mailman with mod_python in chroot jail?

Timon Schroeter mailinglists_timon at schroeter.it
Tue Dec 5 10:08:19 EST 2006


Thank you Martin and Deron for your answers & the pointer to the
correct archive url!

Timon

--
work ::: http://ida.first.fhg.de/~timon
Dipl. Chem. Timon Schroeter, Intelligent Data Analysis Group (IDA)
Fraunhofer FIRST, Kekulestr. 7, 12489 Berlin,  030 6392-1882
--
private ::: http://timon.info
Möllendorffstr. 114, 10367 Berlin,
030 214 666 26, 0179 23 75 910
skype: timon.schroeter




On 04.12.2006 at 20:49, Deron Meranda wrote:

> On 12/4/06, Timon Schroeter <mailinglists_timon at schroeter.it> wrote:
>> does anyone here have experience with running mailman on mod_python
>> in a chroot-jail?
>>
>> If you don't, do you expect any obstacles I should be aware of?
>
> I don't know specifically about mailman, but keep in mind that
> when using chroot jails everything that you need must be resolvable
> from inside the jail.  So this would also mean that you have to run
> Apache inside the jail too.  From a Unix security perspective,
> mod_python *IS* the same as Apache httpd.  And you probably also
> need sendmail, etc. in there or whatever resources mailman needs.
>
> I suspect really that you'll end up having to add so much to the
> jail that it's not really worth it.  And chroot jails are notoriously
> insecure (leaky) and hard to maintain (apply patches, etc) for all
> but the simplest of daemons.
>
> If you can possibly run on a modern Linux system, you may get
> better security with less grief by using SELinux mandatory access
> control rules than any chroot jail could give you.
>
> But I have no direct experience attempting this with mailman, so
> perhaps others have some better advice.
>
>
>> Sorry if this has been answered before- I've unsuccessfully tried
>> google and the archives of this list- they aren't accessible from the
>> listinfo-page: The link points to
>> http://mm_cfg_has_not_been_edited_to_set_host_domains/pipermail/mod_python/
>
> Sorry, that appears to be a misconfiguration of the listinfo page.
> Archives are available though.  See
> http://wiki.apache.org/mod_python/Mailing_lists for correct links.
> -- 
> Deron Meranda
>
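
The point in the quoted reply that everything must be resolvable from inside the jail can be checked before starting the daemon. The script below is an added example, not part of the original thread: it lists the files a jail directory is missing for a program. It assumes glibc-style `ldd` output and a `readlink` command; the function names, the sample `ldd` text and the paths `/usr/sbin/httpd` and `/var/jail` are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes glibc-style `ldd` output and a `readlink` command.

# Constructed sample of `ldd /usr/sbin/httpd` output (not from a real host).
sample_ldd() {
    cat <<'EOF'
        linux-vdso.so.1 (0x00007ffc0000)
        libz.so.1 => /lib/libz.so.1 (0x00007f000000)
        libc.so.6 => /lib/libc.so.6 (0x00007f100000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f200000)
EOF
}

# Print the absolute library path from each line of ldd output on stdin.
ldd_paths() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }'
}

# Succeed if path $2 (as seen from inside the jail) exists under jail root $1.
# A symlink in the last component is re-rooted: an absolute link target is
# looked up inside the jail, as it would be after chroot(), not on the host.
exists_in_jail() {
    depth=${3:-0}
    [ "$depth" -gt 16 ] && return 1          # give up on symlink loops
    if [ -L "$1$2" ]; then
        target=$(readlink "$1$2")
        case $target in
            /*) exists_in_jail "$1" "$target" $((depth + 1)) ;;
            *)  exists_in_jail "$1" "$(dirname "$2")/$target" $((depth + 1)) ;;
        esac
    else
        [ -e "$1$2" ]
    fi
}

# Read jail-internal paths on stdin; print those the jail at $1 cannot resolve.
jail_missing() {
    jail=${1%/}
    while IFS= read -r p; do
        exists_in_jail "$jail" "$p" || printf '%s\n' "$p"
    done
}

# On a real host (paths are assumptions):
#   { echo /usr/sbin/httpd; ldd /usr/sbin/httpd | ldd_paths; } | jail_missing /var/jail
```

Symlinked intermediate directories are not re-rooted by this check, and `ldd` only covers shared libraries: configuration files, device nodes and helper programs such as the mail transfer agent have to be added to the input list by hand.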
