On 19 Feb 2005, at 21:29, Craig White wrote:
On Sat, 2005-02-19 at 21:01 +0100, Felipe Alfaro Solana wrote:On 19 Feb 2005, at 18:14, David Cary Hart wrote:
I'm running production web, mail and FTP servers and I don't appreciate
the value of SELinux. Someone in the DShield list referred to this as
"protection for the tinfoil helmet set."
However, I do not NAT SSH nor Telnet. For that matter, the only ports that are open are http, smtp, pop3 and ftp.
All of them are points of attack. SELinux can protect what they can do in case a hacker tries to exploit them. Also POP3 and FTP are considered insecure as they use plain-text logins. Also, POP3 usually runs as root in order to access user mailboxes.--- I don't think the daemons that serve pop3 or imap are likely to be running as root but I guess that would probably depend upon which one you are using.
That's why I said *usually* ;-) AFAIK, cyrus-imapd is the only one that uses a special DB backend, instead of maildirs and thus can run, and indeed it does, as a normal user. Don't know for dovecot, but others I tried in the past required to run as root.
