Hacker News new | ask | show | jobs
by klodolph 2109 days ago
> I'm not sure we should be writing new network connected daemons in C though.

In general, yes. However, in this case--no, that's not helpful advice--because this program doesn't actually receive input from clients! Kind of hard to trigger exploitable behavior on a program that only sends output.
1 comments
codeulike 2109 days ago
Kind of hard to trigger exploitable behavior on a program that only sends output.

It wouldn't suprise me to find there were still possible exploits

link
fb03 2109 days ago
Explaining, since you were downvoted without a proper reason:

While everything is possible, most exploits happen on buffer overflows on user-received custom data. and since this is not allocating any buffer to receive anything (besides internal connection structures that are filled by the OS), the attack/exploit surface on this one is really tiny, if existent at all.

link
ravi-delia 2109 days ago
Crucially, endlessh has a smaller codebase than some shell scripts I've written. If you have ever used any program written with even a single line of Python, you have more to worry about than a 843 line program that appends a string to a socket.
link