gnuserv should not listen to the internet

To: debian-emacsen@lists.debian.org
Cc: 177236@bugs.debian.org
Subject: gnuserv should not listen to the internet
From: Christian Jaeger <christian.jaeger@ethlife.ethz.ch>
Date: Fri, 13 Aug 2004 00:26:49 +0200
Message-id: <p04320403bd40e9134638@[192.168.40.11]>

Hello.

This bug
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=177236
is now 1 year and 207 days old.

xemacs21-bin from debian unstable is still listening to the world.

Am I the only one with a dislike for that?

- because of security. gnuserv already had security holes in the past.

- because it can get in the way - for example if you are usingchroot's or something like vserver, you might want to run multipleinstances of gnuserv as the same user, thus the same port, => failureis programmed.

It's easy to just switch off listening on inet at all - this is whatI have done to some of my installations. (But I have no notion doingthis forever and everywhere). I could provide you a patch for this.

So the question to the community is: does anyone actually *use*gnuserv over the net?

If yes, then there should be a runtime option for switching inet onor off (or: *, localhost, off - or even an address). (Who will dothis patch? Might be I jump in some time.)

Question two then arises: which should be the default for thelistening, on or off (or localhost)? I would really suggest off.


Thanks for any responses
Cheers
Christian.

Reply to:

Follow-Ups:
- Re: gnuserv should not listen to the internet
  - From: Holger.Schauer@gmx.de
- Re: gnuserv should not listen to the internet
  - From: OHURA Makoto <ohura@debian.org>

Prev by Date: Re: Status of XEmacs? (problem with tramp)
Next by Date: Re: gnuserv should not listen to the internet
Previous by thread: Ecstasy Time
Next by thread: Re: gnuserv should not listen to the internet
Index(es):
- Date
- Thread