On 03/12/10 02:40 PM, [email protected] wrote:
Hey Shawn,
Sorry I didn't get to this last night.
webrev:
http://cr.opensolaris.org/~swalker/pkg-5650/
This change looks good.
The introduction of 'HOST_DEFAULT= "0.0.0.0"' raises another issue that
you might want to put on your radar. I don't expect you to address it
in this putback; however, we might actually want to configure the pkg
depot smf service to set HOST_DEFAULT to 127.0.0.1, so that by default
it only accepts connections from loopback. I realize this isn't a
foolproof security measure, and users will probably want to change the
default if they're serving other clients from their depot. We do this
for a number of other network services, and it might be worthwhile to
try to choose a more secure out-of-the-box configuration for pkg.depotd
when it's initially installed.
That's exactly why I made the change to use the HOST_DEFAULT constant.
I'm planning on eventually exposing the server_host via SMF/CLI.
But that's obviously an enhancement so I decided to stick with a simpler
fix for the moment.
Cheers,
--
Shawn Walker
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
