]] Serafeim Zanikolas 

| The service supports no authorisation/authentication and, as of now, has no
| way of limiting the size of inserted messages. Would it be acceptable if I
| were to patch the tests to accept connections only from the localhost?
| (implies a potential risk of a local user attack)

What are the implications of a user inserting a message?  Test failing
where it should succeed?  DoS causing the build to fail?  DoS causing
the disk to fill up?  Local root exploit?  If it's just the build
failing, I think it's fine.  If it becomes a root exploit, it's
certainly not.

| From a robustness perspective, I could patch the tests to try several
| different port numbers if the default (11400) is not available.

This might be good, yes.

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are

