[Bug 280705] 0.0.0.0/32 is equivalent to 127.0.0.1/32, which may be considered a security flaw
Date: Sat, 10 Aug 2024 14:20:08 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280705

Jamie Landeg-Jones <jamie@catflap.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jamie@catflap.org

--- Comment #9 from Jamie Landeg-Jones <jamie@catflap.org> ---
(In reply to Eirik Oeverby from comment #8)

I tried this on 14.0-stable from March, and from my testing, it appears this does happen if you bind to 127.0.0.1, but not any other IP (even 127.0.0.2 aliased on lo0 didn't exhibit the behaviour)

IE bind to 127.0.0.1 allows connections to 0.0.0.0, but binding to anything else doesn't.

Still, I wouldn't have expected the bind to 127.0.0.1 to accept 0.0.0.0

-- 
You are receiving this mail because:
You are the assignee for the bug.
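
The test described in comment #9, as an added example that is not part of the original bug report or mail: a Python sketch that binds a TCP listener to a loopback address and checks whether a connection to 0.0.0.0 on the same port lands on that listener. The function names and the choice of 127.0.0.2 as the second address are assumptions; the result depends on the operating system and version it runs on.

```python
import socket

def reachable_via(bind_addr, dest_addr, timeout=1.0):
    """Listen on bind_addr (ephemeral port); return True if a TCP connect to
    dest_addr on that port is accepted by this listener, False if not, and
    None if bind_addr is not configured on this host."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        try:
            srv.bind((bind_addr, 0))
        except OSError:
            return None
        srv.listen(1)
        srv.settimeout(timeout)
        port = srv.getsockname()[1]
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as cli:
            cli.settimeout(timeout)
            try:
                cli.connect((dest_addr, port))
                conn, peer = srv.accept()
            except OSError:
                return False
            with conn:
                # Match the peer's source port to our client socket so a
                # stray connection is not counted as ours.
                return peer[1] == cli.getsockname()[1]

def survey(bind_addrs):
    """For each bind address, compare a direct connect with one to 0.0.0.0."""
    return {a: {"direct": reachable_via(a, a),
                "via_0.0.0.0": reachable_via(a, "0.0.0.0")}
            for a in bind_addrs}

if __name__ == "__main__":
    # 127.0.0.2 is only tested if it is aliased on the loopback interface.
    for addr, result in survey(["127.0.0.1", "127.0.0.2"]).items():
        print(addr, result)
```

A `via_0.0.0.0` value of `True` for a given bind address means a service bound only to that address also accepts connections addressed to 0.0.0.0 on this host.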