On Tue, 2016-10-11 at 09:01 -0500, Christopher Allan Webber wrote:
> The Guile team has just pushed out a new commit on the Guile stable-2.0
> branch addressing a security issue for Guile. There will be a release
> shortly as well. The commit is
> 08c021916dbd3a235a9f9cc33df4c418c0724e03, or for web viewing purposes:
> Due to the nature of this bug, Guile applications themselves in general
> aren't vulnerable, but Guile developers are. Arbitrary scheme code may
> be used to attack your system in this scenario.
> There is also a lesson here that applies beyond Guile: the presumption
> that "localhost" is only accessible by local users can't be guaranteed
> by modern operating system environments. If you are looking to provide
> local-execution-only, we recommend using unix domain sockets or named
> pipes. Don't rely on localhost plus some port.
Indeed, I've considered to do so in Artanis too.
But maybe we should provide both just like what php-fpm does? And let users
choose which one to use, localhost:port or unix socket.