[Pkg-privacy-commits] [msva-perl] 03/15: bind to IPv4 loopback by default as suggested in http://bugs.debian.org/661939
Ximin Luo
infinity0 at moszumanska.debian.org
Mon Aug 24 07:42:26 UTC 2015
This is an automated email from the git hooks/post-receive script.
infinity0 pushed a commit to annotated tag msva-perl_debian/0.8.1-2
in repository msva-perl.
commit a40d78b949ddd5e882197fe493c08c377d48a649
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Thu Mar 15 16:39:37 2012 -0400
bind to IPv4 loopback by default as suggested in http://bugs.debian.org/661939
---
Crypt/Monkeysphere/MSVA.pm | 4 ++--
Crypt/Monkeysphere/MSVA/Client.pm | 2 +-
msva-perl | 12 ++++++------
msva-query-agent | 2 +-
4 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/Crypt/Monkeysphere/MSVA.pm b/Crypt/Monkeysphere/MSVA.pm
index cadfee6..6660ece 100755
--- a/Crypt/Monkeysphere/MSVA.pm
+++ b/Crypt/Monkeysphere/MSVA.pm
@@ -886,12 +886,12 @@
}
# restore default SIGCHLD handling:
$SIG{CHLD} = 'DEFAULT';
- $ENV{MONKEYSPHERE_VALIDATION_AGENT_SOCKET} = sprintf('http://localhost:%d', $self->port);
+ $ENV{MONKEYSPHERE_VALIDATION_AGENT_SOCKET} = sprintf('http://127.0.0.1:%d', $self->port);
exec(@args) or exit 111;
}
}
} else {
- printf("MONKEYSPHERE_VALIDATION_AGENT_SOCKET=http://localhost:%d;\nexport MONKEYSPHERE_VALIDATION_AGENT_SOCKET;\n", $self->port);
+ printf("MONKEYSPHERE_VALIDATION_AGENT_SOCKET=http://127.0.0.1:%d;\nexport MONKEYSPHERE_VALIDATION_AGENT_SOCKET;\n", $self->port);
# FIXME: consider daemonizing here to behave more like
# ssh-agent. maybe avoid backgrounding by setting
# MSVA_NO_BACKGROUND.
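Review bot: In both sprintf calls the host part of MONKEYSPHERE_VALIDATION_AGENT_SOCKET is the literal 127.0.0.1 while the port comes from $self->port, so the exported URL is only right as long as the caller passes the same address to run(host=>...). Consider taking the host from the same place as the port, or from one shared constant, so the address handed to the child process and printed for the shell cannot drift from the address the server is actually bound to.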
diff --git a/Crypt/Monkeysphere/MSVA/Client.pm b/Crypt/Monkeysphere/MSVA/Client.pm
index 45ae447..ab0a70f 100644
--- a/Crypt/Monkeysphere/MSVA/Client.pm
+++ b/Crypt/Monkeysphere/MSVA/Client.pm
@@ -145,7 +145,7 @@
$self->{logger} = Crypt::Monkeysphere::MSVA::Logger->new($args{log_level});
$self->{socket} = $args{socket};
- $self->{socket} = 'http://localhost:8901'
+ $self->{socket} = 'http://127.0.0.1:8901'
if (! defined $self->{socket} or $self->{socket} eq '');
# create the user agent
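Review bot: The fallback 'http://127.0.0.1:8901' repeats both the address and the port as a string literal, and the same default is stated again in the msva-query-agent POD changed later in this patch. Defining the default once (for example as a package constant in Crypt::Monkeysphere::MSVA::Client) would leave a single place to edit the next time the default changes, instead of four files.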
diff --git a/msva-perl b/msva-perl
index befaa8d..7c2cde6 100755
--- a/msva-perl
+++ b/msva-perl
@@ -22,7 +22,7 @@ use strict;
use Crypt::Monkeysphere::MSVA;
my $server = Crypt::Monkeysphere::MSVA->new();
-$server->run(host=>'localhost',
+$server->run(host=>'127.0.0.1',
log_level=> $server->logger->get_log_level(),
user => POSIX::geteuid(), # explicitly choose regular user and group (avoids spew)
group => POSIX::getegid(),
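Review bot: The host=>'127.0.0.1' argument has no comment, unlike the user argument two lines below it, and nothing at this line says why a numeric address replaced the name. A short comment pointing at http://bugs.debian.org/661939 would keep a later cleanup from changing it back to 'localhost'.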
@@ -126,11 +126,11 @@ http://web.monkeysphere.info/validation-agent/protocol
=head1 SECURITY CONSIDERATIONS
-msva-perl deliberately binds to the loopback adapter (via named lookup
-of "localhost") so that remote users do not get access to the daemon.
-On systems (like Linux) which report ownership of TCP sockets in
-/proc/net/tcp, msva-perl will refuse access from random users (see
-MSVA_ALLOWED_USERS above).
+msva-perl deliberately binds to the IPv4 loopback (on 127.0.0.1) so
+that remote users do not get access to the daemon. On systems (like
+Linux) which report ownership of TCP sockets in /proc/net/tcp,
+msva-perl will refuse access from random users (see MSVA_ALLOWED_USERS
+above).
=head1 SEE ALSO
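Review bot: The rewritten SECURITY CONSIDERATIONS paragraph does not say what happens to a MONKEYSPHERE_VALIDATION_AGENT_SOCKET value that still uses the name localhost: on a host where that name resolves to ::1 first, a client may not reach a daemon that listens only on 127.0.0.1. A sentence advising the numeric address in that variable would cover it. As a wording point, "binds to the IPv4 loopback address (127.0.0.1)" reads more cleanly than "the IPv4 loopback (on 127.0.0.1)".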
diff --git a/msva-query-agent b/msva-query-agent
index c8ebdd2..122d872 100755
--- a/msva-query-agent
+++ b/msva-query-agent
@@ -118,7 +118,7 @@ msva-query-agent's behavior is controlled by environment variables:
=item MONKEYSPHERE_VALIDATION_AGENT_SOCKET
Socket over which to query the validation agent. If unset, the
-default value is 'http://localhost:8901'.
+default value is 'http://127.0.0.1:8901'.
=item MSVA_LOG_LEVEL
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/msva-perl.git