[OpenIndiana-discuss] OI Hipster becomes unreachable over network after a certain length of uptime

Judah Richardson judahrichardson at gmail.com
Tue Apr 12 18:40:37 UTC 2022


On Tue, Apr 12, 2022, 13:36 Udo Grabowski (IMK) <udo.grabowski at kit.edu>
wrote:

> On 12/04/2022 20:29, Judah Richardson wrote:
> > On Tue, Apr 12, 2022, 13:27 Udo Grabowski (IMK) <udo.grabowski at kit.edu>
> > wrote:
> >
> >> On 12/04/2022 20:00, John D Groenveld wrote:
> >>> In message <e042f009-5caa-bae0-5181-d294d4ad213b at kit.edu>, "Udo
> >> Grabowski (IMK)
> >>> " writes:
> >>>> No, it isn't, it's controlled by
> >>>> /lib/svc/manifest/network/routing/route.xml ,
> >>>> which is not enabled by default, as practically no machine
> >>>> in the field is working as a router, you have to specifically
> >>>> enable the route:default service.
> >>>
> >>> svc:/network/routing/route is enabled out of the box with
> >>> OI-hipster-text-20211031.iso
> >>
> >> Why ?? This hasn't been the case for at least two decades of
> >> Solaris and beyond.
> >
> > Probably an oversight, I'd guess. As with many such situations, things
> that
> > aren't obviously and critically broken don't get much attention ;)
>
> In fact, it is critically broken, as a routing service introduces
> a whole new security context that can open critical intrusion pathes.
>
Ah, TIL. It'll probably be late next week before I can take another crack
at resolving this issue on my end and report anything useful. For now I'm
hoping the adjustment I made earlier does the trick.

>
> _______________________________________________
> openindiana-discuss mailing list
> openindiana-discuss at openindiana.org
> https://openindiana.org/mailman/listinfo/openindiana-discuss
>


More information about the openindiana-discuss mailing list