If the /etc/minidlna.conf contains a line e.g.
network_interface=eth1
or
network_interface=eth0
with more than one network card in the system (e.g. one connected to LAN, the other to the WAN), minidlna does not observe this restriction for the http side and udp port 1900, only for its main udp port. This could result in a serious breach of security if for example the other interface is exposed the WAN, the setting however restricts to the LAN only.
Netstat shows (http port set to 81):
netstat -nap | grep minid
tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN 15073/minidlnad
udp 0 0 192.168.x.x:36151 0.0.0.0:* 15073/minidlnad
udp 0 0 0.0.0.0:1900 0.0.0.0:* 15073/minidlnad
It might be an idea to permit more than one network_interface being bound (e.g. lo,eth0).
I discovered this behavior today.
This could cause a security disaster in many situations.
I don't understand why it's still not fixed despite being reported for almost a year.
I don't think there is technical reason that requires listening to all interfaces.
I agree this is a very serious security bug. Maintainers, could you please take a look at the patch posted in this bug report ?
The patch doesn't works if the administrator specify more than one interface. It fallbacks to 0.0.0.0 if more than one interface is specified but this is much better than current behaviour.