22 Dec
2021
22 Dec
'21
10:45 p.m.
On Dec 22, 2021, at 1:40 PM, Robert Armstrong <bob
at jfcl.com> wrote:
Please give us (pyDECnet users) a way to disable it - pyDECnet runs as
root and I'm not really comfortable having it become a program that can
remotely read or write files on my system.
Agreed! It seems like something that should be an optionally-enabled feature, and
something that can't serve anything outside of a specified directory tree (security
bugs notwithstanding). Write-only and read-only directories would be helpful, though that
may come for free just by using host filesystem permissions.
Hmm, I do have pyDECnet running as root here at home. I'll look into changing that.
ISTR that I set it up to run under a non-root account at work, but it'll be 2022
before I can easily verify that.
--
Mark J. Blair, NF6X <nf6x at nf6x.net>
https://www.nf6x.net/