[mythtv-users] Security of MythTV Status page?
Michael T. Dean
mtdean at thirdcontact.com
Sat May 3 23:34:43 UTC 2008
On 05/03/2008 06:16 PM, John Veness wrote:
> Mike Dent wrote:
>> Hi,just wondering if there are any security implications of opening port
>> 6544 of the mythtv status page?
>> This would be the only port on my firewall open and forwarded to my myth
>> box. Anything I should look out for?
> Perhaps it is no longer the case, but in the past there have been
> mythbackend crashes caused by accessing that port too frequently. I
> would be reluctant to have that port open to the world.
As far as anyone knows, those issues have been fixed*, though I still
wouldn't want some script kiddie trying a DOS by hammering the status
server. Note, also, that there's no throttling performed by the
mythbackend HTTP server, so even if someone can't crash it, they could
definitely tie up your backend.
*The issue you mention seems to have been caused by instability due to
libsensors. I wrote a patch that removed the libsensors dependency (and
issues), but added another issue that had the same result--occasional
crashes--due to a race condition. We fixed that race condition shortly
after it was added (and long before 0.21 was released).
More information about the mythtv-users