Hacker News new | past | comments | ask | show | jobs | submit login

The security of this worries me. I would have to understand their code very well before I would be comfortable running a program that gives root access to anyone over a web browser.



> You can set the bind host with butterfly.server.py --host="0.0.0.0" which will allow other users to connect to your terminal. A password will be asked but IT IS NOT SECURE! So it's recommended as of know [sic] to run this only on local network for testing purposes.


The easy solution is to set up an iptables route for disabling all non-loopback connections and traffic for port 57575.


That doesn't help if the vulnerability involves taking over your machine via JS on an untrusted page, causing your own browser to conduct the exploit against your terminal.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: