From dad3c96a37d8d893bee7ea3cc6f1cc23cadc258a Mon Sep 17 00:00:00 2001
From: Kentaro Hayashi
Date: Tue, 10 Mar 2026 15:38:32 +0900
Subject: [PATCH] in_debug_agent: accept only from local machine by default

Usually, in_debug_agent must be explicitly enabled by users who know what you do. But, there is an security concern which accepts external access by default even though user must enable it explicitly. With this commit, change that behavior a bit secure by default.

Signed-off-by: Kentaro Hayashi
---
 lib/fluent/plugin/in_debug_agent.rb | 2 +-
 test/plugin/test_in_debug_agent.rb | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/lib/fluent/plugin/in_debug_agent.rb b/lib/fluent/plugin/in_debug_agent.rb
index e8e9c625c7..1ee9c3671a 100644
--- a/lib/fluent/plugin/in_debug_agent.rb
+++ b/lib/fluent/plugin/in_debug_agent.rb
@@ -26,7 +26,7 @@ def initialize
 super
 end

- config_param :bind, :string, default: '0.0.0.0'
+ config_param :bind, :string, default: '127.0.0.1'
 config_param :port, :integer, default: 24230
 config_param :unix_path, :string, default: nil
 #config_param :unix_mode # TODO
diff --git a/test/plugin/test_in_debug_agent.rb b/test/plugin/test_in_debug_agent.rb
index 24f73a8d1a..81ece6c7c6 100644
--- a/test/plugin/test_in_debug_agent.rb
+++ b/test/plugin/test_in_debug_agent.rb
@@ -46,4 +46,12 @@ def test_multi_worker_environment_with_unix_path
 assert_false d.instance.multi_workers_ready?
 end
 end
+
+ def test_default_configuration
+ assert_nothing_raised do
+ d = create_driver
+ assert_equal(['127.0.0.1', 24230, 'Fluent::Engine'],
+ [d.instance.bind, d.instance.port, d.instance.object])
+ end
+ end
 end
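Review bot: The new `bind` default on the `+` line changes behaviour for every existing configuration that omits `bind`, and nothing in the hunk records why loopback was chosen or what a non-loopback value exposes. The test in this patch shows the agent serves `Fluent::Engine` by default, so a comment above the parameter would help, e.g. `# Loopback by default: the debug agent exposes the configured object to anyone who can reach this address; set bind explicitly for remote access.` Loopback still admits every local account on a shared host, and `'127.0.0.1'` covers IPv4 only, so the documentation should point to `unix_path` for tighter control (presumably via file-system permissions, since `unix_mode` is still a TODO). Upgraders who relied on remote access need a changelog entry telling them to set `bind` themselves. The enclosing class starts and ends outside the hunk.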
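Review bot: `test_default_configuration` pins only the new default, so the opt-in path for remote access is left untested; a companion assertion that an explicit `bind` is honoured would guard against a later change hard-coding loopback. Assuming `create_driver` accepts a config string (its definition is outside the hunk), something like `assert_equal('0.0.0.0', create_driver('bind 0.0.0.0').instance.bind)` would do. The `assert_nothing_raised do … end` wrapper adds nothing here, because an exception from `create_driver` already fails the test, and dropping it would flatten the body by one level. The test class begins outside the hunk.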