Klaus Schmidinger schrieb:
> How about this: if svdrphosts.conf contains only one single IP number, then
> open the port for only that IP number. Otherwise i needs to be opened
AFAIK one can only bind an IP socket to a local address (usually
corresponding to a network interface, e.g. 127.0.0.1) or 0.0.0.0, so if
I want to accept SVDRP _from_ a specific address via eth0, I have to
bind to the address configured on eth0.
As I get the peer address via accept(), I can directly determine if I
want to "risk" talking to (or even reading from) it, I assume VDR does
exactly this by looking up the address in svdrphosts.conf.
IMHO: If there is a vulnerability that is effective when one only calls
accept(), this is a problem of the OS (Kernel/libc). If one is really
paranoid, there's always netfilter.
vdr mailing list