[tahoe-lafs-trac-stream] [tahoe-lafs] #1410: sftp server listens on reachable IP addresses by default
tahoe-lafs
trac at tahoe-lafs.org
Wed May 25 15:42:16 PDT 2011
#1410: sftp server listens on reachable IP addresses by default
---------------------------+---------------------------
Reporter: gdt | Owner:
Type: defect | Status: new
Priority: minor | Milestone: undecided
Component: code-frontend | Version: 1.8.2
Keywords: sftp security | Launchpad Bug:
---------------------------+---------------------------
The sftp server listens without binding to localhost by default. While
the docs advise (see #1175) to specify 127.0.0.1, sftp should default to
local because it's the standard approach for FUSE mounting, and mounting a
filesystem locally should not cause any globally listening sockets.
Eventually we'll have IPv6, so listening should be on not only 127.0.0.1
but also ::1. Therefore I suggest a variable in the sftpd section
"global", defaulting to false, that if false causes listening on localhost
only, and if true the current behavior.
--
Ticket URL: <http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1410>
tahoe-lafs <http://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list