[Nut-upsdev] Re: [nut-commits] svn commit r714 - in trunk: .

Charles Lepple clepple at gmail.com
Thu Jan 11 05:07:20 CET 2007


On 1/10/07, Peter Selinger <selinger at mathstat.dal.ca> wrote:
> Arjen de Korte wrote:
> >
> >
> > >> The question remains how to migrate to the new situation.
> > [...]
> > >> But would it be wise to open an AF_INET6
> > >> socket bound to [::] as well, or would that open up a security hole?
> > > errr... wait. you keep saying upsd only has one listening socket for
> > > now, and now you want to open two? :)
> >
> > We only have one listening socket now, but in the *new* situation, we'll
> > be able to support an arbitrary number. OK, in reality this will probably
> > be limited by the amount the system is able to support, but I don't think nut
> > must set a limit here. The question I had, if an AF_INET6 socket bound to
> > [::] has security implications, if we would create this as 'service' when
> > nut-2.2 is installed. Thinking it over, this is probably *not* a very good
> > idea. A system administrator may not have noticed that we opened this
> > socket without any access policy.
>
> Is there any point, besides IPv4/IPv6 support, to listen on an unlimited
> number of sockets? You can create an unlimited number of connections
> by listening on just one socket, right?

Right, but if you have a firewall with multiple internal network
interfaces, you might not want to bind to the external interface.

I got the impression that Arjen's idea of multiple sockets was to bind
each socket to a different address (and soon, potentially different
address families).

-- 
- Charles Lepple
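
The per-address binding described in this message, together with the quoted concern about an unannounced `[::]` listener, as an added example in C (not part of the original post and not NUT's code). `is_wildcard` and `open_listener` are hypothetical names, refusing wildcard addresses is this example's own policy, and port "0" is a constructed value that lets the kernel pick a free port.

```c
#define _POSIX_C_SOURCE 200112L
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1 = wildcard (0.0.0.0 or ::), 0 = specific address, -1 = not a numeric address. */
int is_wildcard(const char *addr)
{
    struct addrinfo hints = { .ai_flags = AI_NUMERICHOST }, *res;  /* parse only, no DNS */
    int wild = 0;
    if (getaddrinfo(addr, NULL, &hints, &res) != 0)
        return -1;
    if (res->ai_family == AF_INET)
        wild = ((struct sockaddr_in *)res->ai_addr)->sin_addr.s_addr == htonl(INADDR_ANY);
    else if (res->ai_family == AF_INET6)
        wild = memcmp(&((struct sockaddr_in6 *)res->ai_addr)->sin6_addr, &in6addr_any, sizeof in6addr_any) == 0;
    freeaddrinfo(res);
    return wild;
}

/* One listener per configured address: fd on success, -2 if refused by policy, -1 on socket errors. */
int open_listener(const char *addr, const char *port)
{
    struct addrinfo hints = { .ai_flags = AI_NUMERICHOST | AI_PASSIVE, .ai_socktype = SOCK_STREAM }, *res;
    int fd, on = 1;
    if (is_wildcard(addr) != 0)                 /* wildcard or unparsable: never bind silently */
        return -2;
    if (getaddrinfo(addr, port, &hints, &res) != 0)
        return -1;
    fd = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
    if (fd >= 0 && res->ai_family == AF_INET6)  /* keep the v6 socket IPv6-only */
        setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof on);
    if (fd >= 0 && (bind(fd, res->ai_addr, res->ai_addrlen) != 0 || listen(fd, 16) != 0)) {
        close(fd);
        fd = -1;
    }
    freeaddrinfo(res);
    return fd;
}

int main(void)
{
    const char *addrs[] = { "127.0.0.1", "::1", "::" };   /* constructed sample config */
    for (int i = 0; i < 3; i++)   /* prints the fd, -2 (refused) or -1 (bind failed) */
        printf("%s -> %d\n", addrs[i], open_listener(addrs[i], "0"));
    return 0;
}
```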


