cURL / Mailing Lists / curl-library / Single Mail


Binding socks port in test suite

From: Dan Fandrich <>
Date: Mon, 26 Nov 2007 09:28:43 -0800 has just been updated to stop binding the socks server to
localhost when started because doing so didn't work on some platforms.
Unfortunately, this opens up a security hole on all systems running the
curl test suite. The socks port becomes open to all systems and on machines
facing the open Internet, socks can be used to forward spam, launch attacks
on remote machines, or even attack machines on a local network accessible
by the curl machine.

Rather than opening up this hole to allow the tests to run on more machines,
I would rather socks testing be disabled on systems that can't handle binding
to localhost.

>>> Dan

--              The web change of address service
          Let webmasters know that your web site has moved
Received on 2007-11-26