connection, no matter if it is originating locally or from the outside
of the host. There is no check in place to discard non-local
connections. The only security against a malicious attack would be
provided by a local firewall, which is not guaranteed to be installed on
every workstation kicad is used on.
I tested this, and a host running eeschema accepts connections on TCP
port 4243 from other hosts on the internet.
A patch to remedy this potentially serious security hole is attached. It
creates the listener on localhost instead. A flag is provided to allow
the creation of sockets on 0.0.0.0 instead, if required. localhost is
the default.
* Correct all user strings and comments for the correct capitalization of
application names according to JP. They are KiCad, Pcbnew, CvPcb,
Eeschema, and GerbView.
* Add a note the the user interface policy about the correct capitalization.
Seth Hillbrand
Jon Evans
Jeff Young
Wayne Stambaugh
jean-pierre charras
Dick Hollenbeck
Gregor Riepl