[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Guile security vulnerability w/ listening on localhost + port (with
From: |
Nala Ginrut |
Subject: |
Re: Guile security vulnerability w/ listening on localhost + port (with fix) |
Date: |
Wed, 12 Oct 2016 23:49:39 +0800 |
On Tue, 2016-10-11 at 09:01 -0500, Christopher Allan Webber wrote:
> The Guile team has just pushed out a new commit on the Guile stable-2.0
> branch addressing a security issue for Guile. There will be a release
> shortly as well. The commit is
> 08c021916dbd3a235a9f9cc33df4c418c0724e03, or for web viewing purposes:
>
> http://git.savannah.gnu.org/cgit/guile.git/commit/?h=stable-2.0&id=08c021916
> dbd3a235a9f9cc33df4c418c0724e03
>
> Due to the nature of this bug, Guile applications themselves in general
> aren't vulnerable, but Guile developers are. Arbitrary scheme code may
> be used to attack your system in this scenario.
>
> There is also a lesson here that applies beyond Guile: the presumption
> that "localhost" is only accessible by local users can't be guaranteed
> by modern operating system environments. If you are looking to provide
> local-execution-only, we recommend using unix domain sockets or named
> pipes. Don't rely on localhost plus some port.
>
Indeed, I've considered to do so in Artanis too.
But maybe we should provide both just like what php-fpm does? And let users
choose which one to use, localhost:port or unix socket.