Linus Torvalds wrote:

What I'd ask people to check is how comfortable for example would be to have one machine that runs this kind of service? I've tried very hard to set it up so that it doesn't have any security issues: the daemon can be run as "nobody", and it shouldn't ever even write to any files, although I guess we should do a full check of that.

Since it can be run as a sequestered user, and we now have plenty of CPU horsepower on the download servers, it seems like it should be an entirely sane thing to do.

Is this thing meant to be run from inetd, or is it a "listen and fork" daemon? Especially the latter case, it absolutely *have* to have protections for:

- "SYN and run" DoS attacks;
- Too many connections from the same IP;
- Too many processes running total.

To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at

Reply via email to