Hi,
During a recent IRC discussion, Frank suggested the addition of an
option to limit pmlogger to listening only on the AF_UNIX socket for
control connections. The idea is that the new simple authentication on
that socket is of no use if a user can just go ahead and connect via
inet or ipv6. It was also noted during the discussion that the same
effect could be achieved using ACL, something like

    [access]
    disallow .* : all;
    disallow :* : all;
    allow unix:* : enquire;

so the option would really just be a shortcut with the additional effect
that inet and ipv6 sockets would not be opened at all, although pmlogger
could probably infer the same behaviour from the configuration above.
If this seems like a good idea to others, I can go ahead and implement it.
As is my nature, I also got to thinking about whether there would be any
value in a general option for this. That is, an option which does not
strictly focus on access via AF_UNIX. Perhaps something like -f, where
'f' stands for 'families' and which would accept a list of the address
families to listen on. Some examples:

    -f unix
    -f inet
    -f ipv6
    -f inet,ipv6
    -f all
    -f none # no control connections?

Thoughts?
Dave
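
One way the -f family list proposed above could be parsed, as an added example that is not part of the original message and is not pmlogger code. The function name, the FAM_* flags and the rule that "all" and "none" must stand alone are assumptions; unknown or empty names are rejected so that a typo never opens more sockets than intended.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical bit flags, one per address family named in the proposal. */
enum { FAM_UNIX = 1, FAM_INET = 2, FAM_IPV6 = 4, FAM_ALL = 7 };

/*
 * Parse a comma-separated family list such as "inet,ipv6".
 * Returns a mask of FAM_* bits (0 for "none"), or -1 on error:
 * empty list, empty item, unknown name, or "all"/"none" mixed with others.
 */
int parse_families(const char *arg)
{
    char buf[64];
    int mask = 0, items = 0, exclusive = 0;

    if (arg == NULL || *arg == '\0' || strlen(arg) >= sizeof(buf))
        return -1;
    strcpy(buf, arg);

    /* Walk the list by hand: strtok() would silently skip empty items. */
    for (char *p = buf, *next; p != NULL; p = next) {
        next = strchr(p, ',');
        if (next != NULL)
            *next++ = '\0';
        items++;
        if (strcmp(p, "unix") == 0)       mask |= FAM_UNIX;
        else if (strcmp(p, "inet") == 0)  mask |= FAM_INET;
        else if (strcmp(p, "ipv6") == 0)  mask |= FAM_IPV6;
        else if (strcmp(p, "all") == 0)  { mask = FAM_ALL; exclusive = 1; }
        else if (strcmp(p, "none") == 0) { exclusive = 1; }
        else
            return -1;  /* unknown or empty family name: fail closed */
    }
    /* "all" and "none" only make sense on their own. */
    if (exclusive && items > 1)
        return -1;
    return mask;
}

int main(void)
{
    /* Constructed sample arguments, valid and invalid. */
    const char *samples[] = { "unix", "inet,ipv6", "all", "none", "unix,", "unix,none", "ipx" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("-f %-10s -> %d\n", samples[i], parse_families(samples[i]));
    return 0;
}
```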