[Bug 692996] Re: No /etc/init.d script
Sergio Oller
692996 at bugs.launchpad.net
Mon Apr 16 16:04:03 UTC 2018
And this "festival --server" is a very unsafe solution due to the design of festival server mode.
Any other local user will only need to use the command:
> telnet localhost 1314
> (system "ls")
Basically you are opening a user shell to anyone with access to
localhost. This:
- Gives access to your shell to any other local user (which is dangerous
if there are other users in your computer)
- Gives access to your shell to any malicious website you visit that
uses a DNS rebinding attack (dangerous, unless you don't visit websites
or you disable javascript).See
https://security.stackexchange.com/questions/147175/is-http-to-
localhost-safe
We need a better alternative to this "festival --server" solution.
Festival was designed with speech synthesis research purposes in mind,
not as a user robust TTS system.
--
You received this bug notification because you are a member of
Accessibility, which is subscribed to festival in Ubuntu.
https://bugs.launchpad.net/bugs/692996
Title:
No /etc/init.d script
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/festival/+bug/692996/+subscriptions
More information about the Ubuntu-accessibility-bugs
mailing list