Re: is it ok to listen on a localhost port for tests during build time?
]] Serafeim Zanikolas
| On Sun, Dec 06, 2009 at 11:56:37AM +0100, Tollef Fog Heen wrote:
| > ]] Serafeim Zanikolas
| >
| > | The service supports no authorisation/authentication and, as of now, has no
| > | way of limiting the size of inserted messages. Would it be acceptable if I
| > | were to patch the tests to accept connections only from the localhost?
| > | (implies a potential risk of a local user attack)
| >
| > What are the implications of a user inserting a message? Test failing
| > where it should succeed? DoS causing the build to fail? DoS causing
| > the disk to fill up? Local root exploit? If it's just the build
| > failing, I think it's fine. If it becomes a root exploit, it's
| > certainly not.
|
| beanstalkd keeps messages in-memory (non-persistent by default) so one could
| potentially force the host to thrash by stuffing big messages (limiting msg
| size is considered for future releases).
Just like any other user can, by default.
[...]
| For now at least I'll upload with testing disabled.
I would rather just have it uploaded with testing enabled. Tests are
good and useful and I would not be surprised if you find a bug on a
somewhat esoteric architecture that upstream hasn't tested on.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
Reply to: