Opened 18 years ago
Closed 18 years ago
#2031 closed patch (wontfix)
Security Risk: myth's backend binds to all interfaces
| Reported by: | Owned by: | Isaac Richards | |
|---|---|---|---|
| Priority: | minor | Milestone: | unknown |
| Component: | mythtv | Version: | |
| Severity: | medium | Keywords: | |
| Cc: | Ticket locked: | no |
Description
Myth's backend binds to all network interfaces. It would be nice to be able to override this, as it opens up possibly security vulnerabilities (e.g., most users probably do not need the backend listening on their internet connection).
The attached patch fixes this by making the backend bind to just the interface that it is specified to be running on according to the databases (localhost by default). As this option is used by the frontend to find the backend, it does make it impossible for the backend to bind to multiple interfaces -- perhaps another option should be added instead (but then, the frontend only looks for the backend on this one interface, so that point is probably moot).
Attachments (1)
Change History (3)
Changed 18 years ago by
| Attachment: | myth-interface.patch added |
|---|
comment:1 Changed 18 years ago by
comment:2 Changed 18 years ago by
| Resolution: | → wontfix |
|---|---|
| Status: | new → closed |
Don't think this's necessary, and, really, that's what a firewall's for.
Just for reference, the fancy on-line viewer thing does not show the patch I send in it's entirety. Specifically, the changes to "mainserver.cpp" and "sever.cpp" are not shown (possibly some files have been renamed in HEAD or something -- my patch was based on 0.19). Clicking on the original format button does give the entire thing.