Thursday, December 06, 2007

Pilot Error

aThe Job had an interesting filed issue, one where a running process had its RPC binding hijacked by a manual invocation of the same program. This had the puzzling effect of blocking new connections, while leaving existing connections intact.

So the Ninja Lesson from that is twofold:

  1. servers must be controlled so that an accidental start will not clobber an already running process
    1. this means making all your '1-of' initializations must be explicit, and after the check for an already running copy
    2. you need a check for already running copy
  2. you need to make it difficult for your servers to be accidentally invoked
    1. make a user for general observation/maintenance not have execute permission for your servers
    2. remove the server directory from the path
These will help prevent this problem

Technorati Tags --
, , ,

No comments: