Linus Torvalds wrote:
>
> What I'd ask people to check is how comfortable for example kernel.org
> would be to have one machine that runs this kind of service? I've tried
> very hard to set it up so that it doesn't have any security issues: the
> daemon can be run as "nobody", and it shouldn't ever even write to any
> files, although I guess we should do a full check of that.
>

Since it can be run as a sequestered user, and we now have plenty of CPU
horsepower on the download servers, it seems like it should be an
entirely sane thing to do.

Is this thing meant to be run from inetd, or is it a "listen and fork"
daemon? Especially the latter case, it absolutely *has* to have
protections for:

- "SYN and run" DoS attacks;
- Too many connections from the same IP;
- Too many processes running total.

-hpa

Received on Sat Jul 16 12:07:03 2005
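An added example, not part of the original message and not code from git's daemon: one way the parent of a "listen and fork" server can enforce the three protections listed above. The limits, the timeout value and all function names are assumptions chosen for illustration, and "SYN and run" is read here as a client that connects and then sends nothing.

```c
#include <stdint.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_CHILDREN 4   /* total forked handlers (constructed limit) */
#define MAX_PER_IP   2   /* concurrent handlers per client address (constructed) */
#define INIT_TIMEOUT 30  /* seconds a client may stay silent (constructed) */

struct child { pid_t pid; uint32_t addr; };   /* pid == 0 marks a free slot */
static struct child children[MAX_CHILDREN];

/* Count live handlers serving addr; report the first free slot, or -1. */
static int scan(uint32_t addr, int *free_slot)
{
    int i, same = 0;
    *free_slot = -1;
    for (i = 0; i < MAX_CHILDREN; i++) {
        if (children[i].pid == 0) {
            if (*free_slot < 0)
                *free_slot = i;
        } else if (children[i].addr == addr) {
            same++;
        }
    }
    return same;
}

/* Parent, after accept() and before fork(): 1 = fork, 0 = close the socket. */
int may_admit(uint32_t addr)
{
    int slot;
    return scan(addr, &slot) < MAX_PER_IP && slot >= 0;
}

/* Parent, after fork() succeeded: 0 if recorded, -1 if a limit is hit. */
int child_add(pid_t pid, uint32_t addr)
{
    int slot;
    if (scan(addr, &slot) >= MAX_PER_IP || slot < 0)
        return -1;
    children[slot].pid = pid;
    children[slot].addr = addr;
    return 0;
}

/* Parent, from the waitpid() reaping path: free the slot of an exited child. */
void child_remove(pid_t pid)
{
    int i;
    for (i = 0; i < MAX_CHILDREN; i++)
        if (children[i].pid == pid)
            memset(&children[i], 0, sizeof(children[i]));
}

/* Child, before its first read(): with SIGALRM left at its default action,
 * a client that never sends a request gets its handler killed on expiry. */
void child_arm_init_timeout(void) { alarm(INIT_TIMEOUT); }
```

The table is only ever touched by the parent, so it needs no locking as long as reaping is done from the main loop rather than inside a signal handler.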