From: Stanley Lieber <sl@stanleylieber.com>
To: 9front@9front.org
Subject: Re: [9front] aux/listen changes
Date: Tue, 18 Apr 2017 18:55:11 -0400
Message-ID: <BABD582B-1269-4AD0-B2E7-F532BD11CB7B@stanleylieber.com>
In-Reply-To: <DB029302-BDC5-4FA5-84A1-55F76D42F626@quintile.net>

> On Apr 18, 2017, at 6:39 PM, Steve Simon <steve@quintile.net> wrote:
>
>
>> On 18 Apr 2017, at 21:23, Stanley Lieber <sl@stanleylieber.com> wrote:
>>
>>
>>
>>> On Apr 18, 2017, at 4:12 PM, Kurt H Maier <khm@sciops.net> wrote:
>>>
>>> As it stands, on an unconfigured 9front:
>>>
>>> 7/tcp open echo
>>> 9/tcp open discard
>>> 19/tcp open chargen
>>> 21/tcp open ftp
>>> 23/tcp open telnet
>>> 25/tcp open smtp
>>> 53/tcp open domain
>>> 110/tcp open pop3
>>> 113/tcp open ident
>>> 143/tcp open imap
>>> 513/tcp open login
>>> 993/tcp open imaps
>>> 995/tcp open pop3s
>>>
>>>
>>> this is super grody.
>>
>> This, too, is still a problem:
>>
>> http://bugs.9front.org/open/too_many_listeners_with_broken_configurations_are_started_in_rcbinservice/
>>
>> sl
>>
>
> Ah, I am still on the labs distort (sorry) - they used to prefix all the scripts in /rc/bin/service (and /rc/bin/service.auth) with a hash to make it invalid and thus disable that listener. To enable the service
> the administrator then has to rename the entries they want to enable.
>
> Perhaps that is different on 9 front.
>
> I agree that listen can get over-excited starting server processes - I used to run many services facing
> the sewer, sorry, internet, and script kiddies could bring listen down by hammering it. I have a distant memory that Erik changed his listen to restrict the number of children (perhaps per service) that it would start.
>
> -Steve

I think all versions of listen do ignore scripts that begin with the ! character, but what we've been talking about here are two different but related problems:

1. Multiple systems sharing one disk who want to run (or not run) a different mix of services.

2. Tracking a sane default set of enabled services in the Mercurial repository.

Aiju's suggestion solves both.

Of course, it's easy to just disable all services by default (as khm and I have asked in the past: why do we enable services that are broken -- without further configuration -- by default?). The net effect of aiju's suggestion is analogous to the way cpurc sources /cfg/$sysname/cpurc: If nothing more specific is found, devolve to the defaults.

sl
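
Added example, not part of the original message and not 9front code: a small audit that resolves a per-system service directory with fallback to the shared default, then reports which ports a listener would serve that are not on an allowlist. The `cfg/<sysname>/service` path, the host names and the sample tree are assumptions constructed for illustration; the proposal's actual layout is not shown in this message.

```python
import os
import tempfile

import re

# Service files are named <proto><port>, e.g. tcp25.
NAME_RE = re.compile(r"^([a-z]+)(\d+)$")

def service_dir(root, sysname):
    """Pick the per-system directory if present, else the shared default.
    Both paths are assumptions made for this example."""
    specific = os.path.join(root, "cfg", sysname, "service")
    default = os.path.join(root, "rc", "bin", "service")
    return specific if os.path.isdir(specific) else default

def enabled_services(dirpath):
    """Return sorted (proto, port) pairs that would be served from dirpath.
    Names starting with '!' or not shaped like <proto><port> are skipped."""
    found = []
    for name in os.listdir(dirpath):
        m = NAME_RE.match(name)
        if m and os.path.isfile(os.path.join(dirpath, name)):
            found.append((m.group(1), int(m.group(2))))
    return sorted(found)

def unexpected(dirpath, allowed_ports):
    """Ports that would be served but are not on the allowlist."""
    return [port for _, port in enabled_services(dirpath)
            if port not in allowed_ports]

def build_sample(root):
    """Constructed tree: shared defaults plus one host with its own set."""
    layout = {
        "rc/bin/service": ["tcp7", "tcp19", "tcp23", "tcp25", "!tcp21"],
        "cfg/mailhost/service": ["tcp25"],
    }
    for d, names in layout.items():
        os.makedirs(os.path.join(root, d))
        for n in names:
            open(os.path.join(root, d, n), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        for host in ("mailhost", "newbox"):  # newbox has no override
            d = service_dir(root, host)
            print(host, d, "unexpected:", unexpected(d, {25}))
```
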