Ticket #1758 (closed defect: fixed)

Opened 1 year ago

Last modified 1 year ago

speech-dispatcher listens on 0.0.0.0

Reported by: alexander@linuxfromscratch.org Assigned to: livecd@linuxfromscratch.org
Priority: highest Milestone: 6.3
Component: CD Version: x86-6.3
Keywords: Cc:

Description

When speech-dispatcher is running, it is possible to connect to port 6560 from any other computer and produce arbitrary speech output, without any access controls.

Change History

10/19/07 07:50:53 changed by alexander@linuxfromscratch.org

  • status changed from new to closed.
  • resolution set to fixed.

Fixed in both trunk and the minimal branch with a patch that adds the --host option and the Host configuration file directive, and confiuring it to listen on 127.0.0.1. However, it might be better to replace INADDR_ANY with INADDR_LOOPBACK and have no possibility to accept remote connections.

The official fix may be different.