[Ffmpeg-devel] CVS --> Subversion conversion, test repository
Rich Felker
dalias
Wed May 24 17:52:34 CEST 2006
On Tue, May 23, 2006 at 03:31:22PM +0200, Christian Iversen wrote:
> > > > > - Runs on apache, so it's a proven technology with a fair security
> > > > > history.
> > > >
> > > > Apache is proven but surely not secure, just revisit its formidable
> > > > list of security advisories. Besides Apache is huge and complex, which
> > > > in itself is a contradiction to being secure. svnserve on the other
> > > > hand is small and does just one thing. It's been in production use for
> > > > enough time to call proven technology as well IMO.
> > >
> > > In my defense, I wrote "fair", not "perfect" ;-)
> >
> > OK. Still Apache is something to worry about, it's not vsftpd ..
>
> I'd worry about any internet-enabled program, but that's just me. I understand
> your point though :-)
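
#include <stdio.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/socket.h>

int main(void)
{
    /* Listen on TCP port 1234 on all interfaces (s_addr 0 == INADDR_ANY). */
    struct sockaddr_in sin = { .sin_family = AF_INET, .sin_port = htons(1234), .sin_addr = { .s_addr = 0 } };
    int s = socket(AF_INET, SOCK_STREAM, 0), t;
    bind(s, (struct sockaddr *)&sin, sizeof sin);
    listen(s, 1);
    /* Never reads from the client: prints to its own stdout, then closes the connection. */
    while ((t = accept(s, NULL, NULL)) >= 0) {
        printf("hello, world\n");
        close(t);
    }
    return 0;
}
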
Some internet-enabled progs are vuln, others are not. :)
After looking at how Apache is coded I would assume it's vuln.....
Rich