gnuserv should not listen to the internet
Hello.
This bug
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=177236
is now 1 year and 207 days old.
xemacs21-bin from debian unstable is still listening to the world.
Am I the only one with a dislike for that?
- because of security. gnuserv already had security holes in the past.
- because it can get in the way - for example if you are using
chroot's or something like vserver, you might want to run multiple
instances of gnuserv as the same user, thus the same port, => failure
is programmed.
It's easy to just switch off listening on inet at all - this is what
I have done to some of my installations. (But I have no notion doing
this forever and everywhere). I could provide you a patch for this.
So the question to the community is: does anyone actually *use*
gnuserv over the net?
If yes, then there should be a runtime option for switching inet on
or off (or: *, localhost, off - or even an address). (Who will do
this patch? Might be I jump in some time.)
Question two then arises: which should be the default for the
listening, on or off (or localhost)? I would really suggest off.
Thanks for any responses
Cheers
Christian.
Reply to: