"uselessly listens on localhost" RC

To: debian-release@lists.debian.org
Subject: "uselessly listens on localhost" RC
From: Andreas Barth <aba@not.so.argh.org>
Date: Sun, 18 Oct 2009 13:38:24 +0200
Message-id: <[🔎] 20091018113824.GY19557@mails.so.argh.org>
Mail-followup-to: Andreas Barth <aba@not.so.argh.org>, debian-release@lists.debian.org

Hi,

after some discussion we had today on IRC, I tend to think we should
put a section within "security" of the release policy that says
something like "Packages must not open listening sockets at localhost
where usage of a unix domain socket (in the filesystem) would be
equally sufficient".

Reasoning for this is that opening listening sockets with the network
allows "better" ways to exploit security bugs than in the traditional
unix filesystem.


Comments?


Cheers,
Andi

Reply to:

Follow-Ups:
- Re: "uselessly listens on localhost" RC
  - From: Luk Claes <luk@debian.org>
- Re: "uselessly listens on localhost" RC
  - From: Julien Cristau <jcristau@debian.org>
- Re: "uselessly listens on localhost" RC
  - From: Petter Reinholdtsen <pere@hungry.com>
- Re: "uselessly listens on localhost" RC
  - From: Raphael Geissert <geissert@debian.org>

Prev by Date: Re: Advice on handling dhcp3-client -> isc-dhcp-client transition
Next by Date: Re: "uselessly listens on localhost" RC
Previous by thread: Re: Advice on handling dhcp3-client -> isc-dhcp-client transition
Next by thread: Re: "uselessly listens on localhost" RC
Index(es):
- Date
- Thread