Date: Fri, 09 Aug 2024 14:27:04 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 280705] 0.0.0.0/32 is equivalent to 127.0.0.1/32, which may be considered a security flaw
Message-ID: <bug-280705-227@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280705

    Bug ID: 280705
    Summary: 0.0.0.0/32 is equivalent to 127.0.0.1/32, which may be considered a security flaw
    Product: Base System
    Version: CURRENT
    Hardware: Any
    OS: Any
    Status: New
    Severity: Affects Many People
    Priority: ---
    Component: kern
    Assignee: bugs@FreeBSD.org
    Reporter: ltning-freebsd@anduin.net

Looking at
https://github.com/freebsd/freebsd-src/blob/872164f559d2637f8de30fcd9da46d9b43d24328/sys/netinet/in_pcb.c#L1312-L1331
and confirming by testing, any listening port, no matter which interface it is on, will also accept connections on 0.0.0.0/32.

This has recently gained attention in the form of a "browser bug", where network sandboxing can be evaded (and remotely-loaded javascript can talk to any service running on the host).

The original code is from BSD4.3, and (guessing here) might be there because someone didn't want to wait for the tape with the localhost interface code - or was simply too lazy to type 127.0.0.1? :)

-- 
You are receiving this mail because:
You are the assignee for the bug.
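An added example, not part of the bug report or of FreeBSD's code: a local self-check that reports whether connect() to 0.0.0.0 reaches a listener on this host, next to a destination policy check that misses 0.0.0.0 and one that covers it. The function names are hypothetical, and the listener is bound to 127.0.0.1 on an ephemeral port as an assumption of the test setup.

```python
import ipaddress
import socket


def naive_is_local(addr: str) -> bool:
    """Weak policy check: only the loopback range counts as 'this host'."""
    return ipaddress.ip_address(addr).is_loopback


def strict_is_local(addr: str) -> bool:
    """Hardened policy check: the unspecified address (0.0.0.0, ::) is
    treated as local too, because the stack may deliver it to this host."""
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip.is_unspecified


def reaches_listener(dest: str, timeout: float = 1.0) -> bool:
    """Open a listener on 127.0.0.1 (assumed test setup), then report
    whether a TCP connect() addressed to `dest` is accepted by it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))  # port 0: kernel picks a free port
        srv.listen(1)
        port = srv.getsockname()[1]
        try:
            with socket.create_connection((dest, port), timeout=timeout):
                return True  # handshake completed against our listener
        except OSError:
            return False  # refused, unreachable, or timed out


if __name__ == "__main__":
    # 127.0.0.1 is the control; 0.0.0.0 is the case from the report.
    for dest in ("127.0.0.1", "0.0.0.0"):
        print(f"{dest:<10} naive_local={naive_is_local(dest)!s:<5} "
              f"strict_local={strict_is_local(dest)!s:<5} "
              f"connect_ok={reaches_listener(dest)}")
```

A host where the 0.0.0.0 row shows naive_local=False together with connect_ok=True is one where a filter that only blocks loopback addresses does not cover every path to local services.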