[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: "uselessly listens on localhost" RC

Hi Andreas,

Andreas Barth wrote:
> Reasoning for this is that opening listening sockets with the network
> allows "better" ways to exploit security bugs than in the traditional
> unix filesystem.

Erm, excuse me but that argument sounds rather silly to me.
Over the years there have been many daemons that have completely moved away
from unix domain sockets to using standard network sockets because it
provides more flexibility and supporting both means more code to maintain
and support.
If a daemon supports both methods I'd be more inclined to making the
application drop unix domain sockets support and invest more time improving
and securing the network sockets usage.

Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

Reply to: