On Thu, Oct 26, 2006 at 06:18:30PM +0200, Tore Anderson wrote: > * Marc Haber > > However, the default in Debian's configuration is "host *" which does > > not solve the issue. > > > > Please consider changing the default to 127.0.0.1 > > I don't see what benefits you'll get from binding explicitly to the > loopback interface,
Security. What cannot be connected to cannot be exploited if buggy. What you have here is a process running with root privileges which can be connected to from anywhere. I do not need to list the security implications of that to you, do I? > just a few disadvantages such as requiring deviation from upstream > defaults, Actually, I'd suggest to change the upstream default as well. > causing it to not work out of the box inside a vserver, Not having 127.0.0.1 is a bug in Linux-vserver, which is a big surprise to any experienced sysadmin who expects 127.0.0.1 to be the local host. > and increasing the amount of configuration that must be done to allow > remote Munin installations to query it (which'll probably increase > support load as well). Remote munin installations need to be allowed by configuration anyway, and people running multiple munin-nodes are usually the people who are able to edit configuration. > What issue is there that needs to be solved, exactly? A potentially dangerous security issue. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
