curl-library
Binding socks port in test suite
From: Dan Fandrich <dan_at_coneharvesters.com>
Date: Mon, 26 Nov 2007 09:28:43 -0800
Date: Mon, 26 Nov 2007 09:28:43 -0800
runtests.pl has just been updated to stop binding the socks server to
localhost when started because doing so didn't work on some platforms.
Unfortunately, this opens up a security hole on all systems running the
curl test suite. The socks port becomes open to all systems and on machines
facing the open Internet, socks can be used to forward spam, launch attacks
on remote machines, or even attack machines on a local network accessible
by the curl machine.
Rather than opening up this hole to allow the tests to run on more machines,
I would rather socks testing be disabled on systems that can't handle binding
to localhost.
>>> Dan
-- http://www.MoveAnnouncer.com The web change of address service Let webmasters know that your web site has movedReceived on 2007-11-26