
node --debug --debug-host=127.0.0.1 #4242

@rafis

I have just discovered that my VPS exposes all my private proprietary code to the Internet :) I'm not even sure if a hacker can eval some really bad code like `require('fs').readdirSync('/etc')` when I'm debugging.
How do I limit the interface on which debug is listening?
Has anybody developed a nodejs code sniffer or VPS backdoorer (sometimes I'm running `sudo mc` and can forget that)? It will not take too long to scan the Internet with zmap for the first machine with port 5858 open and iterate in such a way over them in a loop.
Is the vulnerability discovered by Qihoo 360 researcher Guang Gong only related to Android+Chrome and not to V8 in general?
