Klaus Schmidinger schrieb:

> How about this: if svdrphosts.conf contains only one single IP number, then
> open the port for only that IP number. Otherwise i needs to be opened 
> generally,
> anyway.

AFAIK one can only bind an IP socket to a local address (usually
corresponding to a network interface, e.g. or, so if
I want to accept SVDRP _from_ a specific address via eth0, I have to
bind to the address configured on eth0.

As I get the peer address via accept(), I can directly determine if I
want to "risk" talking to (or even reading from) it, I assume VDR does
exactly this by looking up the address in svdrphosts.conf.

IMHO: If there is a vulnerability that is effective when one only calls
accept(), this is a problem of the OS (Kernel/libc). If one is really
paranoid, there's always netfilter.



vdr mailing list

Reply via email to