Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 8 Aug 1995 11:03:20 -0400
From:      Garrett Wollman <wollman@halloran-eldar.lcs.mit.edu>
To:        paul@FreeBSD.ORG
Cc:        pete@puffin.pelican.com (Pete Carah), current@FreeBSD.ORG
Subject:   Re: workaround for talk's address problem
Message-ID:  <9508081503.AA02688@halloran-eldar.lcs.mit.edu>
In-Reply-To: <199508081032.LAA03138@server.netcraft.co.uk>
References:  <199508071909.MAA09580@puffin.pelican.com> <199508081032.LAA03138@server.netcraft.co.uk>

next in thread | previous in thread | raw e-mail | index | archive | help
<<On Tue, 8 Aug 1995 11:32:10 +0100 (BST), Paul Richards <paul@netcraft.co.uk> said:

> When in_pcbconnect gets called, I think what's happening is that the
> decision about the local addr is made by ifa_ifwithnet, since the
> destination address is an ip address aliased on this host it finds
> an ifaddr struct that has a match and it returns that as the local
> address.

Yes.  This is what it is supposed to do.

> It knackers security up completely if a client from one domain can
> access servers in another because the local addr of the client gets
> set to that of the server and not the client! In a multi-homed
> environment this seems bogus to me. 

Not at all.

	1) Security based on host addresses is nothing of the sort.

	2) In normal multi-homed environments, this is precisely what
	   you want to do, since you want queries sent on one wire to
	   get replies on the same wire without going through extra
	   router hops as would be required otherwise.

You have two possible solutions:

	1) Don't let people use Web browsers on your server machine.

	2) Modify the browser source code to bind to a specific
	   address (perhaps whatever is returned by gethostname()).

> We could check the destination address and if
> it's actually an aliased address on this host

There is no distinction between various different sorts of interface
addresses.  If you delete the address that was ifconfig'ed first, then
the interface's primary address becomes whatever was added next, and
so on down through the line.

Remember that this code was originally designed to support multiple
logical IP subnets on a single wire.

-GAWollman

--
Garrett A. Wollman   | Shashish is simple, it's discreet, it's brief. ... 
wollman@lcs.mit.edu  | Shashish is the bonding of hearts in spite of distance.
Opinions not those of| It is a bond more powerful than absence.  We like people
MIT, LCS, ANA, or NSA| who like Shashish.  - Claude McKenzie + Florent Vollant



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9508081503.AA02688>