From 76e49580ee2371446390fda350ca146a062dcb41 Mon Sep 17 00:00:00 2001
From: Klaus Schmidinger <vdr@tvdr.de>
Date: Sun, 17 Sep 2000 21:10:57 +0200
Subject: [PATCH] Added a security warning regarding SVDRP to the INSTALL file

---
 HISTORY | 1 +
 INSTALL | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/HISTORY b/HISTORY
index b213307e..f229860f 100644
--- a/HISTORY
+++ b/HISTORY
@@ -199,3 +199,4 @@ Video Disk Recorder Revision History
   slashes, the recording file names have been damaged. Trailing slashes are
   now silently removed.
 - Fixed a buffer overflow in EIT parsing.
+- Added a security warning regarding SVDRP to the INSTALL file.
diff --git a/INSTALL b/INSTALL
index 98268e32..7b953be5 100644
--- a/INSTALL
+++ b/INSTALL
@@ -52,6 +52,11 @@ port ("Simple Video Disk Recorder Protocol"). By default, it listens
 on port 2001 (use the --port=PORT option to change this). For details
 about the SVDRP syntax see the source file 'svdrp.c'.
 
+WARNING: DUE TO THE OPEN SVDRP PORT THIS PROGRAM MAY CONSTITUTE A
+=======  POTENTIAL SECURITY HAZARD! IF YOU ARE NOT RUNNING VDR IN
+         A CONTROLLED ENVIRONMENT, YOU MAY WANT TO DISABLE SVDRP
+         BY USING '--port=0'!
+
 If the program shall run as a daemon, use the --daemon option. This
 will completely detach it from the terminal and will continue as a
 background process.