From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 280705] 0.0.0.0/32 is equivalent to 127.0.0.1/32, which may be considered a security flaw
Date: Fri, 09 Aug 2024 14:27:04 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280705

            Bug ID: 280705
           Summary: 0.0.0.0/32 is equivalent to 127.0.0.1/32, which may be
                    considered a security flaw
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: ltning-freebsd@anduin.net

Looking at
https://github.com/freebsd/freebsd-src/blob/872164f559d2637f8de30fcd9da46d9b43d24328/sys/netinet/in_pcb.c#L1312-L1331
and confirming by testing, any listening port, no matter which interface it is
on, will also accept connections on 0.0.0.0/32.

This has recently gained attention in the form of a "browser bug", where
network sandboxing can be evaded (and remotely-loaded javascript can talk to
any service running on the host).

The original code is from BSD4.3, and (guessing here) might be there because
someone didn't want to wait for the tape with the localhost interface code - or
was simply too lazy to type 127.0.0.1? :)
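
A local self-check for the behaviour reported above, as an added example that is not part of the bug report or of FreeBSD: it opens a listener on one address of the machine it runs on and reports whether a TCP connect to 0.0.0.0 on the same port lands on that listener. The function name `reachable_via` and the one-second timeout are assumptions made for the example.

```python
import socket


def reachable_via(bind_addr: str, dest_addr: str, timeout: float = 1.0) -> bool:
    """Listen on bind_addr (ephemeral port) and report whether a TCP connect
    to dest_addr on that port is accepted by this same listener."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind((bind_addr, 0))          # port 0: let the kernel pick a free port
        srv.listen(1)
        srv.settimeout(timeout)
        port = srv.getsockname()[1]

        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as cli:
            cli.settimeout(timeout)
            try:
                cli.connect((dest_addr, port))
            except OSError:
                return False              # refused, unreachable or timed out
            try:
                conn, peer = srv.accept()
            except OSError:
                return False              # the connect was answered elsewhere
            with conn:
                # Match the accepted peer port against the client's source
                # port so that an unrelated connection is not counted.
                return peer[1] == cli.getsockname()[1]


if __name__ == "__main__":
    # Control: the listener must be reachable on the address it is bound to.
    print("127.0.0.1 -> 127.0.0.1:", reachable_via("127.0.0.1", "127.0.0.1"))
    # The case from the report: same listener, destination 0.0.0.0.
    print("127.0.0.1 -> 0.0.0.0  :", reachable_via("127.0.0.1", "0.0.0.0"))
```

A `True` on the second line means a filter that only blocks 127.0.0.0/8 does not cover every address that reaches loopback-bound services on this host, so 0.0.0.0 needs its own rule.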