[vdr] [Patch] Allow to limit SVDRP port to given IP

Manuel Reimer Manuel.Reimer at gmx.de
Fri Jan 8 13:27:16 CET 2010


Hello,

the INSTALL file in the VDR source code says:

WARNING: DUE TO THE OPEN SVDRP PORT THIS PROGRAM MAY CONSTITUTE A
=======  POTENTIAL SECURITY HAZARD! IF YOU ARE NOT RUNNING VDR IN
         A CONTROLLED ENVIRONMENT, YOU MAY WANT TO DISABLE SVDRP
         BY USING '--port=0'!

This is a solution, but it also makes it impossible to use svdrpsend.pl on the local VDR and so makes scripts fail, which want to send status messages to VDR and makes it impossible to to remap the power key to call "svdrpsend.pl HITK POWER".

A much better solution would be to allow to just open the SVDRP port on "localhost", so only local software is able to use it and the port is not accessible from network.

I've attached a patch, which makes the following command line a valid command line for VDR:

vdr -p 127.0.0.1:2001

Any other IP may be specified, too, for example to get VDR to listen only on one NIC on a machine with multiple NICs.

The patch is only a proof of concept. It uses a global variable to hold the IP, as this was the minimally invasive way to modify VDR. This should be modified in a final version of the patch. I'll make a nicer version, if Klaus thinks, that this feature may be interesting for VDR. The patch can be applied to VDR 1.6.0-2 with or without extensions patch and VDR 1.7.10. I didn't try 1.7.11, but most probably the patch will work there, too.

Yours

Manuel Reimer
-- 
()  ascii ribbon campaign - against html mail
/\                        - gegen HTML-Mail
answers as html mail will be deleted automatically!
Antworten als HTML-Mail werden automatisch gelöscht!

Jetzt kostenlos herunterladen: Internet Explorer 8 und Mozilla Firefox 3.5 -
sicherer, schneller und einfacher! http://portal.gmx.net/de/go/chbrowser
-------------- next part --------------
A non-text attachment was scrubbed...
Name: vdr-1.6.0-2_setip.diff
Type: application/octet-stream
Size: 3244 bytes
Desc: not available
URL: <http://www.linuxtv.org/pipermail/vdr/attachments/20100108/b45e61e8/attachment.obj>


More information about the vdr mailing list