| 1 |
On Thu, Dec 4, 2014 at 12:37 PM, Christopher Head <chead@×××××.ca> wrote: |
| 2 |
> |
| 3 |
> What if now, by some accident, iptables ends up in a loop (maybe not even a loop including $insecure_service, but some other loop entirely), and it’s the randomly chosen victim? Is it still good to boot as many services as possible? I think not. |
| 4 |
|
| 5 |
My understanding of the algorithm is that it explicitly does not break |
| 6 |
on "need" boundaries and cycle breaking doesn't affect the rest of the |
| 7 |
graph. So in that scenario, if iptables isn't started, your |
| 8 |
hypothetical insecure service won't be started either. It's rather |
| 9 |
conservative and sane, IMO. |
| 10 |
|
| 11 |
-Wyatt |
Archives