Linus Torvalds wrote:
What I'd ask people to check is how comfortable for example kernel.org
would be to have one machine that runs this kind of service? I've tried
very hard to set it up so that it doesn't have any security issues: the
daemon can be run as "nobody", and it shouldn't ever even write to any
files, although I guess we should do a full check of that.
Since it can be run as a sequestered user, and we now have plenty of CPU
horsepower on the download servers, it seems like it should be an
entirely sane thing to do.
Is this thing meant to be run from inetd, or is it a "listen and fork"
daemon? Especially the latter case, it absolutely *have* to have
protections for:
- "SYN and run" DoS attacks;
- Too many connections from the same IP;
- Too many processes running total.
-hpa
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
