Opened 13 years ago

Closed 13 years ago

#2031 closed patch (wontfix)

Security Risk: myth's backend binds to all interfaces

Reported by: twhitehe@… Owned by: Isaac Richards
Priority: minor Milestone: unknown
Component: mythtv Version:
Severity: medium Keywords:
Cc: Ticket locked: no

Description

Myth's backend binds to all network interfaces. It would be nice to be able to override this, as it opens up possibly security vulnerabilities (e.g., most users probably do not need the backend listening on their internet connection).

The attached patch fixes this by making the backend bind to just the interface that it is specified to be running on according to the databases (localhost by default). As this option is used by the frontend to find the backend, it does make it impossible for the backend to bind to multiple interfaces -- perhaps another option should be added instead (but then, the frontend only looks for the backend on this one interface, so that point is probably moot).

Attachments (1)

myth-interface.patch (4.3 KB) - added by twhitehe@… 13 years ago.

Download all attachments as: .zip

Change History (3)

Changed 13 years ago by twhitehe@…

Attachment: myth-interface.patch added

comment:1 Changed 13 years ago by twhitehe@…

Just for reference, the fancy on-line viewer thing does not show the patch I send in it's entirety. Specifically, the changes to "mainserver.cpp" and "sever.cpp" are not shown (possibly some files have been renamed in HEAD or something -- my patch was based on 0.19). Clicking on the original format button does give the entire thing.

comment:2 Changed 13 years ago by Isaac Richards

Resolution: wontfix
Status: newclosed

Don't think this's necessary, and, really, that's what a firewall's for.

Note: See TracTickets for help on using tickets.