Guile security vulnerability w/ listening on localhost + port
Guile security vulnerability w/ listening on localhost + port
[Development] Posted Oct 13, 2016 18:07 UTC (Thu) by ris
Christopher Allan Webber looks
at a security vulnerability in Guile. Guile applications are generally
not vulnerable, but arbitrary scheme code may by used to attack the systems
of Guile developers. "There is also a lesson here that applies
beyond Guile: the presumption
that "localhost" is only accessible by local users can't be guaranteed
by modern operating system environments. If you are looking to provide
local-execution-only, we recommend using unix domain sockets or named
pipes. Don't rely on localhost plus some port.
"