Re: Guile security vulnerability w/ listening on localhost + port (with fix)

2016-10-16 Thread Lizzie Dixon
Hi Christopher,

On 10/16, Christopher Allan Webber wrote:
> So, I guess this will work from a public site as well?

Yes! The HTML I mentioned in my post is available here: (Though note that it won't work i

Re: Guile security vulnerability w/ listening on localhost + port (with fix)

2016-10-16 Thread Arne Babenhauserheide
Christopher Allan Webber writes:
> browsers do and don't allow, but I'm stunned that a browser will let a
> request from some http://foo.example/ to http://localhost:37146/, even
> for just a GET. It seems like there are all sorts of daemons you can
> exploit that way.

This can be pretty useful

Re: Guile security vulnerability w/ listening on localhost + port (with fix)

2016-10-16 Thread Christopher Allan Webber
Lizzie Dixon writes:
> Hi,
>
> On 10/11, Christopher Allan Webber wrote:
>> The default in Guile has been to expose a port over localhost to which
>> code may be passed. The assumption for this is that only a local user
>> may write to localhost, so it should be safe. Unfortunately, users
>> sim