Re: [Patch] Allow to limit SVDRP port to given IP

Hi!

Klaus Schmidinger wrote:

> How about this: if svdrphosts.conf contains only one single IP number, then
> open the port for only that IP number. Otherwise it needs to be opened generally,
> anyway.

AFAIK one can only bind an IP socket to a local address (usually
corresponding to a network interface, e.g. 127.0.0.1) or 0.0.0.0, so if
I want to accept SVDRP _from_ a specific address via eth0, I have to
bind to the address configured on eth0.

As I get the peer address via accept(), I can directly determine if I
want to "risk" talking to (or even reading from) it. I assume VDR does
exactly this by looking up the address in svdrphosts.conf.

IMHO: If there is a vulnerability that is effective when one only calls
accept(), this is a problem of the OS (Kernel/libc). If one is really
paranoid, there's always netfilter.

Ciao

Martin
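
The two mechanisms discussed in this message, as an added example that is not part of the original post and is not VDR's code: the listening socket is bound to a local address, and the peer address reported by accept() is checked against an allowlist before anything is read. The allowlist entries, their `address[/prefix]` form, the port and all function names are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed allowlist; the "address[/prefix]" entry form is an assumption. */
static const char *allowed_hosts[] = { "127.0.0.1", "192.168.100.0/24" };

int entry_matches(const char *entry, struct in_addr peer) {
    char buf[32], *end = NULL, *slash;
    struct in_addr net;
    snprintf(buf, sizeof buf, "%s", entry);
    if ((slash = strchr(buf, '/')) != NULL) *slash++ = '\0';
    long bits = slash ? strtol(slash, &end, 10) : 32;
    if (slash && (end == slash || *end != '\0')) return 0; /* "/abc" must not act as /0 */
    if (bits < 0 || bits > 32 || inet_pton(AF_INET, buf, &net) != 1) return 0;
    uint32_t mask = bits ? htonl(0xFFFFFFFFu << (32 - bits)) : 0;
    return (peer.s_addr & mask) == (net.s_addr & mask);
}

int peer_allowed(struct in_addr peer) {
    for (size_t i = 0; i < sizeof allowed_hosts / sizeof *allowed_hosts; i++)
        if (entry_matches(allowed_hosts[i], peer)) return 1;
    return 0;
}

/* bind() names a LOCAL address (an interface address or 0.0.0.0), never a client. */
int listen_on(const char *local_ip, in_port_t port) {
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd >= 0 && inet_pton(AF_INET, local_ip, &sa.sin_addr) == 1 &&
        bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0 && listen(fd, 5) == 0) return fd;
    if (fd >= 0) close(fd);
    return -1;
}

int accept_allowed(int lfd) {
    struct sockaddr_in peer;
    socklen_t len = sizeof peer;
    int cfd = accept(lfd, (struct sockaddr *)&peer, &len); /* kernel fills in the peer */
    if (cfd >= 0 && !peer_allowed(peer.sin_addr)) { close(cfd); return -1; } /* drop unread */
    return cfd;
}

int main(void) { /* constructed address and port; handles one connection */
    int lfd = listen_on("127.0.0.1", 50001);
    return lfd < 0 || accept_allowed(lfd) < 0;
}
```

By the time accept() returns, the kernel has already completed the TCP handshake with the peer, which is why blocking a host before that point is a packet-filter job (netfilter), as the message notes.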
