Re: intent to package Festival::Client Perl module
On Wed, 28 Oct 1998 13:28:52 -0800, Joey Hess <joey@kitenet.net> said:
>
> Note that running festival in server mode is an enourmous security
> hole. A festival server can be made to read and probably write to
> arbitrary files on the system.
Thanks, I didn't realize that (I don't know Scheme, all I've used so far
is the SayText function). I'll put some words to this effect in the
package's description.
> I've talked to the authors about this, but they don't seem too
> interested in fixing it.
Perhaps they'd be amenable to adding an option which tells the server
the address to bind() to. This would be a simple change and it would
allow one to restrict connections to localhost, at least.
--
Roderick Schertler
roderick@argon.org
Reply to: