From owner-freebsd-current Tue Aug 8 08:03:34 1995
Return-Path: current-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.11/8.6.6)
    id IAA01357 for current-outgoing; Tue, 8 Aug 1995 08:03:34 -0700
Received: from halloran-eldar.lcs.mit.edu (halloran-eldar.lcs.mit.edu [18.26.0.159])
    by freefall.cdrom.com (8.6.11/8.6.6) with SMTP id IAA01351 ;
    Tue, 8 Aug 1995 08:03:25 -0700
Received: by halloran-eldar.lcs.mit.edu; (5.65/1.1.3.6) id AA02688;
    Tue, 8 Aug 1995 11:03:20 -0400
Date: Tue, 8 Aug 1995 11:03:20 -0400
From: Garrett Wollman
Message-Id: <9508081503.AA02688@halloran-eldar.lcs.mit.edu>
To: paul@FreeBSD.ORG
Cc: pete@puffin.pelican.com (Pete Carah), current@FreeBSD.ORG
Subject: Re: workaround for talk's address problem
In-Reply-To: <199508081032.LAA03138@server.netcraft.co.uk>
References: <199508071909.MAA09580@puffin.pelican.com>
    <199508081032.LAA03138@server.netcraft.co.uk>
Sender: current-owner@FreeBSD.ORG
Precedence: bulk

< said:

> When in_pcbconnect gets called, I think what's happening is that the
> decision about the local addr is made by ifa_ifwithnet, since the
> destination address is an ip address aliased on this host it finds
> an ifaddr struct that has a match and it returns that as the local
> address.

Yes. This is what it is supposed to do.

> It knackers security up completely if a client from one domain can
> access servers in another because the local addr of the client gets
> set to that of the server and not the client! In a multi-homed
> environment this seems bogus to me.

Not at all.

1) Security based on host addresses is nothing of the sort.

2) In normal multi-homed environments, this is precisely what you want
   to do, since you want queries sent on one wire to get replies on the
   same wire without going through extra router hops as would be
   required otherwise.

You have two possible solutions:

1) Don't let people use Web browsers on your server machine.

2) Modify the browser source code to bind to a specific address
   (perhaps whatever is returned by gethostname()).

> We could check the destination address and if
> it's actually an aliased address on this host

There is no distinction between various different sorts of interface
addresses. If you delete the address that was ifconfig'ed first, then
the interface's primary address becomes whatever was added next, and so
on down through the line. Remember that this code was originally
designed to support multiple logical IP subnets on a single wire.

-GAWollman

--
Garrett A. Wollman   | Shashish is simple, it's discreet, it's brief. ...
wollman@lcs.mit.edu  | Shashish is the bonding of hearts in spite of distance.
Opinions not those of| It is a bond more powerful than absence. We like people
MIT, LCS, ANA, or NSA| who like Shashish. - Claude McKenzie + Florent Vollant