#1446 packaging guidelines - default-on services vs. "public network socket"
Closed None Opened 4 years ago by fche.

= phenomenon =

Recent changes to the packaging guidelines are unclear as to intent about whether services that listen on local/unix-domain network sockets only are now welcome to be default-on vs. previously default-off.

Note that this issue is separate from the default-off policy for traditional network servers, which are left to the spin/edition working groups' discretion to permit.

= background analysis =



= implementation recommendation =

Decision sought about whether previous security concerns (such as prevention of local privilege escalation) are now acceptable, traded against the extra out-of-the-box functionality possible with more services. Some possible outcomes:

1) Roll back the policy wording to "does not listen on a network socket" (as being a condition for default-on). Note that this older wording is also unclear, as e.g. unix-domain sockets may or may not be deemed "network sockets".

2) Adopt the more expansive/welcoming definition, designating the external network as the main source of threat and the localhost as only an acceptable lesser one.

Do we need a new ticket here?

sgallagh reopened ticket 1441 to discuss this...

Agreed: Rephrase this line as "If a service does not require configuration to be functional and does not listen on a network socket for connections originating on a separate physical or virtual machine" (+5,-1,1)

(Sorry for missing the IRC meeting, but this trac item wasn't 'meeting'-keyworded, so I wasn't expecting the topic to come up yet.)
