[Ffmpeg-devel] CVS --> Subversion conversion, test repository

[Rich Felker]

On Tue, May 23, 2006 at 03:31:22PM +0200, Christian Iversen wrote:
> > > > > - Runs on apache, so it's a proven technology with a fair security
> > > > >   history.
> > > >
> > > > Apache is proven but surely not secure, just revisit its formidable
> > > > list of security advisories.  Besides Apache is huge and complex, which
> > > > in itself is a contradiction to being secure.  svnserve on the other
> > > > hand is small and does just one thing.  It's been in production use for
> > > > enough time to call proven technology as well IMO.
> > >
> > > In my defense, I wrote "fair", not "perfect" ;-)
> >
> > OK.  Still Apache is something to worry about, it's not vsftpd ..
> 
> I'd worry about any internet-enabled program, but that's just me. I understand 
> your point though :-)

#include <stdio.h>
#include <netinet/in.h>
#include <sys/socket.h>
int main()
{
	struct sockaddr_in sin = { .sin_family = AF_INET, .sin_port = htons(1234), .sin_addr = { .s_addr = 0 } };
	int s = socket(AF_INET, SOCK_STREAM, 0), t;
	bind(s, &sin, sizeof sin);
	listen(s, 1);
	while ((t = accept(s)) >= 0) {
		printf("hello, world\n");
		close (t);
	}
	return 0;
}

Some internet-enabled progs are vuln, others are not. :)
After looking at how Apache is coded I would assume it's vuln.....

Rich