In message <3qjzc32dcxzj...@spike.porcupine.org>
Wietse Venema writes:
> 
> > > No-one can connect to this from outside.
> > 
> > That's correct.  Not currently, to this current machine/port, in
> > this configuration.
>  
> If someone can connect from outside to your 127.0.0.1 port, then
> you have a serious infrastructure problem.
>  
>       Wietse

Or (assuming that there are no user accounts on the server) another
service running on the same host that has been compromised.

This is further leveraging a breach.  Of course that means that there
had to already be a non-root breach of something else (which would
already be a bad thing).  But that can't possibly happen (right?).

I'm not a fan of mistaking the loopback interface for a hardened
security feature.  Unix domain sockets or fifo (à la mkfifo and chmod)
are a better choice than inet with loopback IMO, reducing the chance
of leverage.  Loopback is like a socket or fifo with ugo+rw perms.

Curtis
