Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
src: make debugger listen on 127.0.0.1 by default
CVE-2018-12120 Backport of 8e7cbe2 to v6.x Prepared by Sam Roberts <vieuxtech@gmail.com> Original commit: Commit 2272052 ("net: bind to `::` TCP address by default") from April 2014 seems to have accidentally changed the default listen address from 127.0.0.1 to 0.0.0.0, a.k.a. the "any" address. From a security viewpoint it's undesirable to accept debug agent connections from anywhere so let's change that back. Users can override the default with the `--debug=<host>:<port>` switch. Fixes: #8081 PR-URL: #8106 Reviewed-By: James M Snell <jasnell@gmail.com> PR-URL: nodejs-private/node-private#148 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org>
- Loading branch information
1 parent
4beba66
commit a9791c9
Showing
8 changed files
with
40 additions
and
44 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters