[vdr] [Patch] Allow to limit SVDRP port to given IP

Klaus Schmidinger Klaus.Schmidinger at tvdr.de
Fri Jan 8 14:57:12 CET 2010


On 08.01.2010 13:27, Manuel Reimer wrote:
> Hello,
> 
> the INSTALL file in the VDR source code says:
> 
> WARNING: DUE TO THE OPEN SVDRP PORT THIS PROGRAM MAY CONSTITUTE A
> =======  POTENTIAL SECURITY HAZARD! IF YOU ARE NOT RUNNING VDR IN
>          A CONTROLLED ENVIRONMENT, YOU MAY WANT TO DISABLE SVDRP
>          BY USING '--port=0'!
> 
> This is a solution, but it also makes it impossible to use svdrpsend.pl on the local VDR and so makes scripts fail, which want to send status messages to VDR and makes it impossible to to remap the power key to call "svdrpsend.pl HITK POWER".
> 
> A much better solution would be to allow to just open the SVDRP port on "localhost", so only local software is able to use it and the port is not accessible from network.
> 
> I've attached a patch, ...

What about svdrphosts.conf?

#
# svdrphosts    This file describes a number of host addresses that
#               are allowed to connect to the SVDRP port of the Video
#               Disk Recorder (VDR) running on this system.
# Syntax:
#
# IP-Address[/Netmask]
#

127.0.0.1             # always accept localhost
#192.168.100.0/24     # any host on the local net
#204.152.189.113      # a specific host
#0.0.0.0/0            # any host on any net (USE THIS WITH CARE!)

Klaus



More information about the vdr mailing list