1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • gnuserv should not listen to the internet

    From Christian Jaeger@1:229/2 to All on Fri Aug 13 00:30:13 2004
    XPost: linux.debian.maint.emacsen
    From: [email protected]

    Hello.

    This bug
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=177236
    is now 1 year and 207 days old.

    xemacs21-bin from debian unstable is still listening to the world.

    Am I the only one with a dislike for that?

    - because of security. gnuserv already had security holes in the past.

    - because it can get in the way - for example if you are using
    chroot's or something like vserver, you might want to run multiple
    instances of gnuserv as the same user, thus the same port, => failure
    is programmed.

    It's easy to just switch off listening on inet at all - this is what
    I have done to some of my installations. (But I have no notion doing
    this forever and everywhere). I could provide you a patch for this.

    So the question to the community is: does anyone actually *use*
    gnuserv over the net?

    If yes, then there should be a runtime option for switching inet on
    or off (or: *, localhost, off - or even an address). (Who will do
    this patch? Might be I jump in some time.)

    Question two then arises: which should be the default for the
    listening, on or off (or localhost)? I would really suggest off.

    Thanks for any responses
    Cheers
    Christian.


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)
  • From OHURA Makoto@1:229/2 to All on Fri Aug 13 21:50:04 2004
    XPost: linux.debian.maint.emacsen
    From: [email protected]

    tags 177236 + patch
    thanks

    Hi.

    I took over xemacs21 last month. I can't read all of a great
    many bugs yet. So, I don't know this problem until now.

    From: Christian Jaeger <[email protected]>
    Subject: gnuserv should not listen to the internet
    Date: Fri, 13 Aug 2004 00:26:49 +0200
    This bug
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=177236
    is now 1 year and 207 days old.

    xemacs21-bin from debian unstable is still listening to the world.

    Am I the only one with a dislike for that?

    - because of security. gnuserv already had security holes in the past.

    O.K. I'll apply your patch at next release, version 21.4.5-7.
    Probably this will enter into sarge.

    Thanks.

    ----
    OHURA Makoto: [email protected](Debian Project)
    [email protected](LILO/Netfort)
    GnuPG public key: http://www.netfort.gr.jp/~ohura/gpg.asc.txt
    fingerprint: 54F6 D1B1 2EE1 81CD 65E3 A1D3 EEA2 EFA2 77DC E083
    http://www.netfort.gr.jp/~ohura/

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.5 (GNU/Linux)

    iD8DBQBBHOi+7qLvonfc4IMRAqhkAKCSS7FBfAGQVqvGtc5vXuYuH/qbNwCaAif2 g16oonAC4OMASS2izGVxMgM=
    =KuQU
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)