From: Joerg W. <j...@ur...> - 2003-07-10 19:30:50
As Theodore A. Roth wrote:

> I have committed this patch from Joerg Wunsch. It adds defaults for
> hostname and port so that the following are equivalent:
>
>   $ avarice localhost 4242
>
>   $ avarice

Actually, it's the equivalent to

  avarice 0.0.0.0 4242

0.0.0.0 translates to INADDR_ANY and, when used in a listen() context
(as it happens here), means ``listen on any possible interface and
address on this host''. (When used in a connect() context, it means
``this host'', which is indeed roughly equivalent to `localhost'.)

So if you're really concerned about disallowing connects to IP
addresses != 127.1, you should indeed still use "localhost". However,
this is not a very strong security protection either, since someone
who's source-routing 127.1 to your host could still send you packets
to that address anyway. Perhaps we should implement AF_LOCAL sockets
as well (formerly known as AF_UNIX) to completely forbid AF_INET
connections, but i'm not sure whether GDB would accept them at all.

There's one other side-effect of the implementation i've chosen, in
that numerical IP addresses are guaranteed to be allowed now as well.
Previously, they used to be possible as a side-effect of the DNS
resolver implementation for people who were using DNS name resolution,
but i'm not even sure whether this approach has been portable at all.

Thanks, Ted!

--
cheers, J"org               .-.-.   --... ...--   -.. .  DL8DTL

http://www.sax.de/~joerg/                        NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)
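
The bind-address distinction discussed in the message above, as an added example (not part of the message and not avarice's code): an omitted host becomes INADDR_ANY, while a numeric loopback address keeps the listener off other interfaces. The helpers `pick_listen_addr()` and `scope_of()` are hypothetical names, and only dotted-quad IPv4 is parsed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum scope { SCOPE_ANY, SCOPE_LOOPBACK, SCOPE_SPECIFIC };
/* Hypothetical helper: turn the optional host argument into a bind address.
 * NULL (argument omitted) selects INADDR_ANY; otherwise only a numeric
 * dotted-quad is accepted. Returns 0 on success, -1 on a non-numeric host. */
int pick_listen_addr(const char *host, unsigned short port, struct sockaddr_in *sa)
{
    memset(sa, 0, sizeof *sa);
    sa->sin_family = AF_INET;
    sa->sin_port = htons(port);
    if (host == NULL) {
        sa->sin_addr.s_addr = htonl(INADDR_ANY);
        return 0;
    }
    return inet_pton(AF_INET, host, &sa->sin_addr) == 1 ? 0 : -1;
}

/* Hypothetical helper: classify which peers a listener on this address can see. */
enum scope scope_of(const struct sockaddr_in *sa)
{
    unsigned long a = ntohl(sa->sin_addr.s_addr);
    if (a == INADDR_ANY) return SCOPE_ANY;           /* 0.0.0.0: every interface */
    if ((a >> 24) == 127) return SCOPE_LOOPBACK;     /* 127.0.0.0/8 */
    return SCOPE_SPECIFIC;
}

int main(int argc, char **argv)
{
    struct sockaddr_in sa;
    static const char *names[] = { "every interface", "loopback only", "one address" };
    if (pick_listen_addr(argc > 1 ? argv[1] : NULL, 4242, &sa) != 0) {
        fprintf(stderr, "not a numeric IPv4 address\n");
        return 1;
    }
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0 || bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0 || listen(fd, 1) != 0) {
        perror("listen");
        return 1;
    }
    printf("listening on port 4242, scope: %s\n", names[scope_of(&sa)]);
    close(fd);
    return 0;
}
```

Run with no argument it reports "every interface"; run with `127.0.0.1` it reports "loopback only".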