Hi -

> > > see it is already in a comment in the code. Best to also add it as See
> > > also in the docs.
> >
> > OK.
>
> Thanks, that would be good.

Done.

> > > > +control. The \fI/metrics\fP webapi endpoint is probably not
> > > > +appropriate for disclosure to the public.
> > >
> > > So, should there be an option to turn it off?
> >
> > IMHO not necessary. The security section already advises against
> > exposing an unprotected debuginfod server to the public. A front-end
> > reverse-proxy would easily filter requests to /metrics.
>
> I think defense in depth is not a bad thing.
> You already have local users to which it is exposed.

Local users can already run "ps awux" to see the same semi-sensitive
command line arguments.

> And it would also make the server do slightly less work.

Maybe, but if it's a serious/public enough installation to worry about
configuration privacy, then it's also bound to be important enough to
be monitored, so its admin would not turn this off.

> Note that the current code defines tid () as syscall(SYS_getpid).
> Should be SYS_gettid.

OK.

- FChE
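
Review bot: In the added man-page sentence, "probably not appropriate for disclosure to the public" gives the admin neither the reason nor the remedy. Suggest stating what the \fI/metrics\fP output reveals and that requests to it should be filtered, for example by a front-end reverse proxy as discussed in this thread, so the security section is actionable on its own.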