The listener is opened on INADDR_ANY, so it will accept any network connection, no matter whether it originates locally or from outside the host. There is no check in place to discard non-local connections. The only security against a malicious attack would be provided by a local firewall, which is not guaranteed to be installed on every workstation kicad is used on. I tested this, and a host running eeschema accepts connections on TCP port 4243 from other hosts on the internet. A patch to remedy this potentially serious security hole is attached. It creates the listener on localhost instead. A flag is provided to allow the creation of sockets on 0.0.0.0 instead, if required. localhost is the default.
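The bind-address choice described in the report, shown as an added example in plain POSIX C that is not the attached patch and not KiCad's own code. `open_listener` binds to the loopback address unless the caller explicitly opts into INADDR_ANY, and `listener_is_loopback_only` is an audit check a defender can run against any listening socket to confirm it is not reachable from off-host. The function names, the `allow_remote` flag and the use of an ephemeral port in the test are assumptions made for this example; only port 4243 comes from the report.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper (not KiCad code): open a TCP listener on `port`.
 * Safe default is the loopback address; INADDR_ANY (0.0.0.0) is used only
 * when the caller sets allow_remote, mirroring the opt-in flag the report
 * describes. Returns the listening fd, or -1 on failure. */
int open_listener(uint16_t port, bool allow_remote) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;

    int one = 1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);

    struct sockaddr_in addr;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_port = htons(port);
    /* The whole security difference is this one line: 127.0.0.1 is only
     * reachable from processes on the same host, 0.0.0.0 from anywhere. */
    addr.sin_addr.s_addr = htonl(allow_remote ? INADDR_ANY : INADDR_LOOPBACK);

    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0 || listen(fd, 8) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Audit check: ask the kernel which address the socket is actually bound to.
 * Returns 1 if it is loopback-only, 0 if it is exposed to other hosts
 * (e.g. bound to 0.0.0.0 or an interface address), -1 on error. */
int listener_is_loopback_only(int fd) {
    struct sockaddr_in addr;
    socklen_t len = sizeof addr;
    if (getsockname(fd, (struct sockaddr *)&addr, &len) < 0)
        return -1;
    return ntohl(addr.sin_addr.s_addr) == INADDR_LOOPBACK ? 1 : 0;
}

/* Returns the port the listener ended up on (useful when port 0 was requested). */
int listener_port(int fd) {
    struct sockaddr_in addr;
    socklen_t len = sizeof addr;
    if (getsockname(fd, (struct sockaddr *)&addr, &len) < 0)
        return -1;
    return ntohs(addr.sin_port);
}

int main(void) {
    /* Default: the port named in the report, bound to localhost only. */
    int fd = open_listener(4243, false);
    if (fd < 0) {
        perror("open_listener");
        return 1;
    }
    char ip[INET_ADDRSTRLEN];
    struct sockaddr_in addr;
    socklen_t len = sizeof addr;
    getsockname(fd, (struct sockaddr *)&addr, &len);
    inet_ntop(AF_INET, &addr.sin_addr, ip, sizeof ip);
    printf("listening on %s:%d, loopback-only=%d\n", ip, listener_port(fd),
           listener_is_loopback_only(fd));
    close(fd);
    return 0;
}
```

The same `getsockname` check applies to sockets opened by other code, so it is a cheap way to verify in a unit test that a service's default configuration does not expose a port it only needs locally.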