From owner-freebsd-security Mon Jul 27 23:08:50 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id XAA09160 for freebsd-security-outgoing; Mon, 27 Jul 1998 23:08:50 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from redfish.go2net.com (redfish.go2net.com [207.178.55.5]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id XAA09155 for ; Mon, 27 Jul 1998 23:08:48 -0700 (PDT) (envelope-from marcs@go2net.com) Received: from marcs by redfish.go2net.com with smtp (Exim 1.82 #2) id 0z12uA-0007Ci-00; Mon, 27 Jul 1998 23:06:34 -0700 Date: Mon, 27 Jul 1998 23:06:34 -0700 (PDT) From: Marc Slemko X-Sender: marcs@redfish To: ben@rosengart.com cc: security@FreeBSD.ORG Subject: Re: inetd enhancements (fwd) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 28 Jul 1998, Snob Art Genre wrote: > On Mon, 27 Jul 1998, Jim Shankland wrote: > > > Careful there. The sockets API supports binding to a specific > > *address*, not interface. If your machine has two interfaces > > with addresses A and B, and you bind your server socket to address > > B, it will happily accept connections addressed to address B, > > but physically arriving via the "A" interface. > > Hrm, that's no good. But if I'm not mistaken, each interface is > configured with its own address. Does this not give the system enough > information to reject packets arriving on the wrong interface for their > address? There is no such thing as the "wrong interface". It is completely normal and valid to expect that binding to an IP address will let connections be accepted on that IP address. If routing etc. is somehow setup so that works when traffic comes in through another interface, so it should. It is called routing. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message