Re: socket-based activation has unmaintainable security?

To: debian-devel@lists.debian.org
Subject: Re: socket-based activation has unmaintainable security?
From: Philipp Kern <pkern@debian.org>
Date: Thu, 7 Feb 2013 10:39:59 +0100
Message-id: <[🔎] 20130207093959.GA8339@spike.0x539.de>
In-reply-to: <[🔎] 201302071028.28586.russell@coker.com.au>
References: <20121114204711.GA9158@virgil.dodds.net> <[🔎] 51121C5A.6090203@debian.org> <[🔎] 51129451.3070206@debian.org> <[🔎] 201302071028.28586.russell@coker.com.au>

On Thu, Feb 07, 2013 at 10:28:28AM +1100, Russell Coker wrote:
> Such capabilities allow the process to bind to all low ports, which usually 
> isn't what you desire.  If you want to permit a daemon to bind to exactly one 
> reserved port and no others then it seems that the options are systemd (if the 
> daemon supports socket based activation) and SE Linux.

(x)inetd, no?

Kind regards
Philipp Kern

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: socket-based activation has unmaintainable security?
  - From: Simon McVittie <smcv@debian.org>
- Re: socket-based activation has unmaintainable security?
  - From: Salvo Tomaselli <tiposchi@tiscali.it>

References:
- Re: socket-based activation has unmaintainable security?
  - From: Chow Loong Jin <hyperair@debian.org>
- Re: socket-based activation has unmaintainable security?
  - From: Thomas Goirand <zigo@debian.org>
- Re: socket-based activation has unmaintainable security?
  - From: Russell Coker <russell@coker.com.au>

Prev by Date: Re: Go (golang) packaging, part 2
Next by Date: Re: Go (golang) packaging, part 2
Previous by thread: Re: socket-based activation has unmaintainable security?
Next by thread: Re: socket-based activation has unmaintainable security?
Index(es):
- Date
- Thread