[distcc] distccd, --allow, and /etc/init.d
Martin Pool
mbp at sourcefrog.net
Thu Jun 16 01:47:20 GMT 2005
On 15 Jun 2005, Daniel Kegel <dank at kegel.com> wrote:
> The --allow option is now mandatory for distcc's daemon mode.
> This is a good thing; I hate letting somebody else's
> Aunt Tilly have the ability to run processes on my box :-)
It's kind of a kludge, but better than having it default open.
> But it presents a challenge for those packaging
> distccd up as an rpm. The rpm comes with an /etc/init.d script
> to start up daemon mode. Now, I could require the person
> installing the rpm to edit that script and put in the
> right argument for --allow, but that's not going to go
> over well for my users.
The Debian script asks you what networks you trust at install time.
But rpm installation is generally interactive (which I actually
prefer).
I also prefer that merely installing a package not cause any security
holes to open, so I'd lean towards requiring people to specifically
turn it on and set the trusted networks after installation. But
again, that might not be appropriate for your package. (Is it for
internal use or general distribution?)
In some cases it might be OK to just trust 10.0.0.0/8 and
192.168.0.0/16; this probably covers many situations without causing
much risk.
> I think what I'm going to do is have the init script read
> /etc/distccd.allow to get the list of networks to pass to --allow.
> The format will be simple:
> ipadr/size
> ipadr/size
> ...
> so it's easy for networks ops people (who would not enjoy
> editing /etc/init.d/distccd) to maintain.
That makes a lot of sense; I think it's always better to keep the
editable bits separate from the scripts themselves.
--
Martin
More information about the distcc
mailing list