service accepting commands from the network by default

Till Maas opensource at till.name
Sun Feb 22 21:14:36 UTC 2015


On Sun, Feb 22, 2015 at 01:55:31PM -0700, Kevin Fenzi wrote:
> On Sun, 22 Feb 2015 21:25:01 +0100
> Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl> wrote:
> 
> > So, my problem is whether the package should go through review in
> > current state. My gut feeling is that it shouldn't, but I don't want
> > to overstep my role as a reviewer.
> 
> I'd personally agree. Can they not at least make it only listen on
> localhost unless configured otherwise?

Yes, I agree here, access to elasticsearch allowed to execute arbitrary
code in the past.

Regards
Till

