Questions from my local LUG ML

Derek Broughton auspex at pointerstop.ca
Sun Jan 7 19:48:54 GMT 2007


On Saturday 06 January 2007 20:25, Scott James Remnant wrote:
> On Sat, 2007-01-06 at 17:32 -0600, Conrad Knauer wrote:
> >
> > "The idea of any monolithic program listening on a few dozen network
> > ports is scary, as is any program responsible for managing many tasks
> > along with extra stuff. [...] one tool running with privileges
> > managing all that stuff is silly.  The day Windows became insecure was
> > the day MS started pushing all the userland tools into system space.
> > BIND has been rewritten several times and still hasn't eliminated all
> > the security problems associated with its monolithic design. In
> > comparison, how often do we see exploits for ls, head, cat, etc.?"
>
> I agree.
>
> So at this point it's worth noting that the idea of replacing inetd
> hasn't been finalised yet, and isn't that popular with most people
> either -- including myself.
>
> It's kinda there as a possibility for the future, it's not something
> upstart can do right now.
>
> If we were to do that, I would imagine that there would be a separate
> process that did the network listening; and handed the open socket over
> to the init daemon which started the services.

Indeed - once upstart is productionalized, it would make perfect sense for
inetd to remain the port listener, but actually use upstart to start
services.
-- 
derek
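The handoff Scott sketches above (a separate process owns the listening socket and passes the already-open descriptor to the process that starts the service) is what SCM_RIGHTS over a UNIX socket provides. The following is an added illustration, not upstart or inetd code; the helper names are hypothetical and the demo uses a socketpair in one process to stand in for the listener-to-init channel.

```c
/* Added example (not upstart or inetd code): pass an open descriptor from a
 * listener process to another process over a UNIX socket with SCM_RIGHTS.
 * Helper names are hypothetical. */
#include <sys/socket.h>
#include <sys/stat.h>
#include <string.h>
#include <unistd.h>
/* Send descriptor fd_to_pass over the UNIX socket chan. Returns 0 on success. */
int send_fd(int chan, int fd_to_pass) {
    char dummy = 'F';                      /* one byte of payload is required */
    struct iovec iov = { .iov_base = &dummy, .iov_len = 1 };
    char cbuf[CMSG_SPACE(sizeof(int))]; memset(cbuf, 0, sizeof cbuf);
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    cm->cmsg_level = SOL_SOCKET;
    cm->cmsg_type = SCM_RIGHTS;
    cm->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cm), &fd_to_pass, sizeof(int));
    return sendmsg(chan, &msg, 0) == 1 ? 0 : -1;
}
/* Receive a descriptor from chan. Returns the new fd, or -1 on failure;
 * the control message is checked so a stray payload is not mistaken for an fd. */
int recv_fd(int chan) {
    char dummy;
    struct iovec iov = { .iov_base = &dummy, .iov_len = 1 };
    char cbuf[CMSG_SPACE(sizeof(int))];
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    if (recvmsg(chan, &msg, 0) != 1) return -1;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    if (!cm || cm->cmsg_level != SOL_SOCKET || cm->cmsg_type != SCM_RIGHTS
        || cm->cmsg_len != CMSG_LEN(sizeof(int))) return -1;
    int fd; memcpy(&fd, CMSG_DATA(cm), sizeof(int));
    return fd;
}
/* Self-check: hand a socket through a socketpair and confirm the receiver got a
 * distinct fd for the same open socket (same inode). Returns 1 on success. */
int handoff_demo(void) {
    int pair[2], ok = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) < 0) return 0;
    int lsock = socket(AF_UNIX, SOCK_STREAM, 0); /* stands in for the listener's port */
    if (lsock >= 0 && send_fd(pair[0], lsock) == 0) {
        int got = recv_fd(pair[1]); struct stat a, b;
        if (got >= 0 && fstat(lsock, &a) == 0 && fstat(got, &b) == 0)
            ok = (a.st_ino == b.st_ino && got != lsock);
        if (got >= 0) close(got);
    }
    close(pair[0]); close(pair[1]); if (lsock >= 0) close(lsock);
    return ok;
}
```

Only the listener ever binds the port; the service side receives a descriptor it could not have opened itself, which is what keeps the privileged part small.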


