> I'm not sure we should be writing new network connected daemons in C though.
In general, yes. However, in this case--no, that's not helpful advice--because this program doesn't actually receive input from clients! Kind of hard to trigger exploitable behavior on a program that only sends output.
Explaining, since you were downvoted without a proper reason:
While everything is possible, most exploits happen on buffer overflows on user-received custom data. and since this is not allocating any buffer to receive anything (besides internal connection structures that are filled by the OS), the attack/exploit surface on this one is really tiny, if existent at all.
Crucially, endlessh has a smaller codebase than some shell scripts I've written. If you have ever used any program written with even a single line of Python, you have more to worry about than a 843 line program that appends a string to a socket.
Your concern is well founded, but what are you going to use that doesn't end up touching libraries written in...C?
We're a long way from "Smashing the Stack", people are aware of mitigation and the care that needs to be taken, precautions have been made inside operating systems and compilers.
In general, yes. However, in this case--no, that's not helpful advice--because this program doesn't actually receive input from clients! Kind of hard to trigger exploitable behavior on a program that only sends output.