Page MenuHomePhabricator
Create Task
Maniphest T241280

Configurable listening address for poolcounter service
Closed, InvalidPublic
Actions

Description

It seems that the poolcounter service listens on 0.0.0.0 by default and there is no way to override it, say to 127.0.0.1.

Related Objects

Event Timeline

Nikerabbit created this task.Dec 20 2019, 9:12 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 20 2019, 9:12 PM
Legoktm closed this task as Invalid.Jun 28 2022, 11:36 PM
Legoktm subscribed.

Maybe you're using an old version? In 1.1.0 I did rMSPC112a76152ef6: Only listen on localhost by default so it listens on localhost by default. I believe the Debian package systemd unit ships with -l 0.0.0.0, but you can override that however you override systemd units.

Nikerabbit added a comment.Jun 29 2022, 6:10 AM

Probably I was looking at an older version.

Overwriting ExecStart isn't the most trivial thing to do. Why does the debian package have an insecure default?

Legoktm added a comment.Jun 29 2022, 7:24 AM
In T241280#8035839, @Nikerabbit wrote:

Overwriting ExecStart isn't the most trivial thing to do. Why does the debian package have an insecure default?

You got me, same reason just in the other direction :) And Wikimedia production uses the Debian package and needs to listen on 0.0.0.0. Tbh I wonder if we're going to keep using the Debian package or eventually containerize it.

In any case, I'll add it to my todo list to make the package secure by default and figure out how to fix it in prod for bookworm.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL