I entirely agree on this one. I'm someone who likes explicit control over my firewall and incoming/outgoing connections. I wouldn't want to be connecting to a bunch of random servers (relays); you never know which ones could poison your device. One buffer overflow in the client code (meaning the websocket client library or parsing code itself) and you have an RCE vulnerability. The same goes for incoming connections. I assume there is a localhost optimization.

Replies (1)

One could set up a malicious relay built to trigger a known RCE vuln, and every nostr client with the vuln would be pwned XD. For example, in my dream world, noscrypt becomes ubiquitous, there is an overflow somewhere that can be triggered by a malicious relay connection, and now all nostr users running noscrypt are pwned simply by connecting to that relay. The same could be said for NDK, or aedile, or any framework with a known vuln.