Comment # 1
on bug 981
from Ken McDonell
We I (for one) use pmlc on one machine to interrogate (and sometimes control)
pmlogger on another machine.
There are a number of use cases where this makes sense:
1. checking on the internal status of a remote pmlogger
2. the pmie -> alarm -> add metrics to be logged for a short time pattern that
is really useful
Using AF_UNIX would stop any distributed use of pmlc.
There is already an access control clause available in the pmlogger
configuration files, and I think Nathan's recent work on making a better fist
of creating default pmlogger configuration files included turning off remote
pmlc access to change the pmlogger config (stops my 2. above, but allows 1.).
I'd consider making this more restrictive (even a default opt-out behaviour
from pmlogger if needs be) before preventing the channel from being available
if required for remote operations.
It does not help Frank's concerns much, but pmlogger is no more of a DOS attack
vector than pmcd is! Based on lots and lots of experience, both tools are
likely to be blocked at the corporate firewall and offered relatively generous
access control for use behind the firewall.