Comment by paultopia
6 years ago
Do people who understand networking better than I do (i.e., almost everyone) want to explain how to universally prevent this localhost garbage? Like, some kind of firewall, combined with a simple command line trigger to open up a port when I actually want to? There's gotta be an open-source firewall for this kind of thing, right?
The notion that some random app can just spin up a server on localhost without my permission is completely insane. Also, this is why Gatekeeper, and the App Store "walled garden" are good---nothing should get the kind of permissions necessary to run a fucking localhost server that can reinstall a deleted app w/o user interaction!!
> The notion that some random app can just spin up a server on localhost without my permission is completely insane.
As far as I know any desktop app (userland code) can listen on a non-privileged port without permissions, on any desktop OS.
I’ve seen a few programs (like R) run web servers to provide documentation (although, the server only ran temporarily).