Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Turn any program that uses stdin/stdout into a WebSocket server (github.com/joewalnes)
34 points by feross on Jan 29, 2019 | hide | past | favorite | 7 comments


1st thought: Reminds me of inetd Clicked link: This is inetd ;-)

Inetd on wikipedia: https://en.wikipedia.org/wiki/Inetd

Inetd on NVD: https://nvd.nist.gov/vuln/search/statistics?form_type=Basic&... I expected worse ;-)


This is a dupe.

For more comments checkout: https://news.ycombinator.com/item?id=19000109


It must be a big whole in security, 'cause it's really too good! :)


I share your concern, but still it looks like a very interesting tool to mock a websocket endpoint or quickly deploy a proof of concept.


Exactly my thought. I wont be using this for exposed/public access. Which websockets are.

First vector that comes to mind the stdin escape sequences, then there is the inevitable leaking of sensitive information (besides bugs in the process, what about its unhandled exceptions, segfaults, or other system errors), and then there is the denial-of-service unless it can throttle before invoking a process, and lets not forget about command injection.

But still i must say the idea is nice in simplicity..


What stdin escape sequences?


terminal-related sequences?

but a websocket/PIPE fails isatty(3), so i don't think any kind of escape sequences are possible, here.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: