|
|
Пишет LWN.net (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_lwnheadline)@ 2016-10-13 18:07:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
Guile security vulnerability w/ listening on localhost + port
Christopher Allan Webber looks
at a security vulnerability in Guile. Guile applications are generally
not vulnerable, but arbitrary scheme code may by used to attack the systems
of Guile developers. "There is also a lesson here that applies
beyond Guile: the presumption
that "localhost" is only accessible by local users can't be guaranteed
by modern operating system environments. If you are looking to provide
local-execution-only, we recommend using unix domain sockets or named
pipes. Don't rely on localhost plus some port."
Christopher Allan Webber looks
at a security vulnerability in Guile. Guile applications are generally
not vulnerable, but arbitrary scheme code may by used to attack the systems
of Guile developers. "There is also a lesson here that applies
beyond Guile: the presumption
that "localhost" is only accessible by local users can't be guaranteed
by modern operating system environments. If you are looking to provide
local-execution-only, we recommend using unix domain sockets or named
pipes. Don't rely on localhost plus some port."
