Re: "git daemon" - H. Peter Anvin

git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: "H. Peter Anvin" <hpa@zytor.com>
To: Linus Torvalds <torvalds@osdl.org>
Cc: Git Mailing List <git@vger.kernel.org>
Subject: Re: "git daemon"
Date: Fri, 15 Jul 2005 19:06:10 -0700	[thread overview]
Message-ID: <42D86B92.7010303@zytor.com> (raw)
In-Reply-To: <Pine.LNX.4.58.0507131946540.17536@g5.osdl.org>

Linus Torvalds wrote:
> 
> What I'd ask people to check is how comfortable for example kernel.org 
> would be to have one machine that runs this kind of service? I've tried 
> very hard to set it up so that it doesn't have any security issues: the 
> daemon can be run as "nobody", and it shouldn't ever even write to any 
> files, although I guess we should do a full check of that.
> 

Since it can be run as a sequestered user, and we now have plenty of CPU 
horsepower on the download servers, it seems like it should be an 
entirely sane thing to do.

Is this thing meant to be run from inetd, or is it a "listen and fork" 
daemon?  Especially the latter case, it absolutely *have* to have 
protections for:

- "SYN and run" DoS attacks;
- Too many connections from the same IP;
- Too many processes running total.

	-hpa

next prev parent reply	other threads:[~2005-07-16  2:07 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-07-14  2:53 "git daemon" Linus Torvalds
2005-07-14  3:11 ` Linus Torvalds
2005-07-16  2:06 ` H. Peter Anvin [this message]
2005-07-16  3:04   ` Linus Torvalds

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=42D86B92.7010303@zytor.com \
    --to=hpa@zytor.com \
    --cc=git@vger.kernel.org \
    --cc=torvalds@osdl.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).