[Initng] IRC meeting
Eric MSP Veith
eveith at wwweb-library.net
Sun Dec 2 16:35:13 GMT 2007
On Sunday 02 December 2007, "Rob Ubuntu Linux"
<rob.ubuntu.linux at googlemail.com> wrote:
> On Nov 30, 2007 9:59 PM, Eric MSP Veith <eveith at wwweb-library.net> wrote:
> > This is exactly why DJB chose to monitor the logging part separately.
> > Please see http://cr.yp.to/daemontools/faq/create.html#run. Quote from
> > the most important part:
> >
> >> To fix this problem, use a separate log.
>
> Interesting to see the "daemontools" take on services. Do you know
> why DJB's daemons didn't "simply" use syslog(3) (via a restrictive
> wrapper in his program if needs be)?
You can always use daemontools and syslog; e.g. qmail comes with a logging
binary that injects log messages into syslog. It automatically sets
priority and holds log messages until syslog is available. You don't _have_
to use multilog, although it has some nice features (e.g. exact timestamps
in tai64 format, automatic log rotation, and so on. Recent syslog daemons
have caught up on this, however.)
> Wietse Venema's security features, like the tcp_wrappers
> (hosts.{allow,deny}) package for inetd(8) fitted in with the system,
> for kernel & general logging, so always seemed more tasteful to me as
> they avoided adding yet another critical daemon to watch.
The tcp_wrappers aren't that commonly used that they are more than a nice
exciter in my eyes. But this isn't the point: inetd suffers a lot of
shortcomings, for example it cannot cope with lots of concurrently incoming
connections and tends to reset all connections every now and then. I'm not
sure whether this was fixed or not, though; but I switched to DJB's
ucspi-tcp package because of this, and even nowadays it gives me shudders
to see an inetd running and I tend to shut it down as fast as I can. :-)
But as I said, I haven't run any tests lately, and I don't know how xinetd
performs, so this is more a personal preference because of remembrance than
anything else.
> Postfix became main SMTP daemon in a few distros, and is still the
> default in OpenSuSE.
This has another reason AFAIK: DJB forbids the distribution of pre-compiled
Qmail packages, because he fears that the distributors would add bugs and
security holes by patching Qmail. The SuSE guys didn't want to stick with
sendmail, so they switched to Postfix.
> There's a recent paper by DJB on security and design decisions of
> qmail, in part of it, he suggests he should have "fixed" the file
> system, rather than program to avoid having zillions of small files,
> which to me suggests "ivory tower" tendency, rather than practical in
> the trenches compromises. Filesystems take years to get right.
I'm interested in this; could you provide a URL please? :-)
Eric