github-starred/frp
2
0
Fork 0
mirror of https://github.com/fatedier/frp.git synced 2026-05-15 16:15:49 -06:00
Code Issues 40 Projects Packages Wiki Activity Actions 1

[GH-ISSUE #1873] What's the security model of frp? #1480

New issue
Closed
opened 2026-05-05 12:56:12 -06:00 by gitea-mirror · 3 comments
gitea-mirror commented 2026-05-05 12:56:12 -06:00
Owner
Copy link

Originally created by @zzh1996 on GitHub (Jun 20, 2020).
Original GitHub issue: https://github.com/fatedier/frp/issues/1873

I run frpc on computer A and frps on computer B. If one of them is fully controlled by a hacker (so that the config file including the token is leaked), what can the hacker do to the other computer? Is it possible that the hacker can listen on any port or send arbitrary network packets on the other machine?

Originally created by @zzh1996 on GitHub (Jun 20, 2020). Original GitHub issue: https://github.com/fatedier/frp/issues/1873 I run frpc on computer A and frps on computer B. If one of them is fully controlled by a hacker (so that the config file including the token is leaked), what can the hacker do to the other computer? Is it possible that the hacker can listen on any port or send arbitrary network packets on the other machine?
gitea-mirror commented 2026-05-05 12:56:14 -06:00
Author
Owner
Copy link

@fatedier commented on GitHub (Jun 20, 2020):

One frpc only expose your services by your configure file, not controlled by others. So it won't be affected if frps or anothor frpc has been hacked.

<!-- gh-comment-id:646981588 --> @fatedier commented on GitHub (Jun 20, 2020): One frpc only expose your services by your configure file, not controlled by others. So it won't be affected if frps or anothor frpc has been hacked.
gitea-mirror commented 2026-05-05 12:56:15 -06:00
Author
Owner
Copy link

@zzh1996 commented on GitHub (Jun 21, 2020):

One frpc only expose your services by your configure file, not controlled by others. So it won't be affected if frps or anothor frpc has been hacked.

What if frpc is hacked and the hacker can compose arbitrary config file?

<!-- gh-comment-id:647168020 --> @zzh1996 commented on GitHub (Jun 21, 2020): > One frpc only expose your services by your configure file, not controlled by others. So it won't be affected if frps or anothor frpc has been hacked. What if frpc is hacked and the hacker can compose arbitrary config file?
gitea-mirror commented 2026-05-05 12:56:15 -06:00
Author
Owner
Copy link

@fatedier commented on GitHub (Jun 22, 2020):

It's just a common client. You can limit this client by yourself.

<!-- gh-comment-id:647244234 --> @fatedier commented on GitHub (Jun 22, 2020): It's just a common client. You can limit this client by yourself.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
dev
new
master
copilot/review-pull-request-5198
v0.68.1
v0.68.0
v0.67.0
v0.66.0
v0.65.0
v0.64.0
v0.63.0
v0.62.1
v0.62.0
v0.61.2
v0.61.1
v0.61.0
v0.60.0
v0.59.0
v0.58.1
v0.58.0
v0.57.0
v0.56.0
v0.55.1
v0.55.0
v0.54.0
v0.53.2
v0.53.1
v0.53.0
v0.52.3
v0.52.2
v0.52.1
v0.52.0
v0.51.3
v0.51.2
v0.51.1
v0.51.0
v0.50.0
v0.49.0
v0.48.0
v0.47.0
v0.46.1
v0.46.0
v0.45.0
v0.44.0
v0.43.0
v0.42.0
v0.41.0
v0.40.0
v0.39.1
v0.39.0
v0.38.0
v0.37.1
v0.37.0
v0.36.2
v0.36.1
v0.36.0
v0.35.1
v0.35.0
v0.34.3
v0.34.2
v0.34.1
v0.34.0
v0.33.0
v0.32.1
v0.32.0
v0.31.2
v0.31.1
v0.31.0
v0.30.0
v0.29.1
v0.29.0
v0.28.2
v0.28.1
v0.28.0
v0.27.1
v0.27.0
v0.26.0
v0.25.3
v0.25.2
v0.25.1
v0.25.0
v0.24.1
v0.24.0
v0.23.3
v0.23.2
v0.23.1
v0.23.0
v0.22.0
v0.21.0
v0.20.0
v0.19.1
v0.19.0
v0.18.0
v0.17.0
v0.16.1
v0.16.0
v0.15.1
v0.15.0
v0.14.1
v0.14.0
v0.13.0
v0.12.0
v0.11.0
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.1
v0.8.0
v0.7.0
v0.6.0
v0.5.0
v0.3.0
v0.2.0
v0.1.0
Labels
Clear labels   
In Progress

   
WIP

   
WaitingForInfo

   
bug

   
doc

   
duplicate

   
easy

   
enhancement

   
future

   
help wanted

   
invalid

   
lifecycle/stale

   
need-issue-template

   
need-usage-help

   
no plan

   
proposal

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
todo
No labels
In Progress
WIP
WaitingForInfo
bug
doc
duplicate
easy
enhancement
future
help wanted
invalid
lifecycle/stale
need-issue-template
need-usage-help
no plan
proposal
pull-request
question
todo
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/frp#1480
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?