Using INADDR_ANY instead of INADDR_LOOPBACK makes it convenient when starting the web server inside containers without the need to having to specify INADDR_ANY all the time. This is the default in most libraries and languages. This doesn't break backwards compatibility since INADDR_LOOPBACK is also included in INADDR_ANY. * doc/ref/web.texi (Web Server): update INADDR_LOOPBACK to INADDR_ANY and related text. * module/web/server/http.scm (http-open): default to INADDR_ANY for the web server. --- doc/ref/web.texi | 10 +++++----- module/web/server/http.scm | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/doc/ref/web.texi b/doc/ref/web.texi index 93cd0214f..6b42b8ff6 100644 --- a/doc/ref/web.texi +++ b/doc/ref/web.texi @@ -1807,7 +1807,7 @@ socket, listening for request on that port. @deffn {HTTP Implementation} http [#:host=#f] @ [#:family=AF_INET] @ - [#:addr=INADDR_LOOPBACK] @ + [#:addr=INADDR_ANY] @ [#:port 8080] [#:socket] The default HTTP implementation. We document it as a function with keyword arguments, because that is precisely the way that it is -- all @@ -1815,7 +1815,7 @@ of the @var{open-params} to @code{run-server} get passed to the implementation's open function. @example -;; The defaults: localhost:8080 +;; The defaults: any local IP on port 8080 (run-server handler) ;; Same thing (run-server handler 'http '()) @@ -1866,9 +1866,9 @@ handler: (run-server hello-world-handler) @end example -By default, the web server listens for requests on -@code{localhost:8080}. Visit that address in your web browser to -test. If you see the string, @code{Hello World!}, sweet! +By default, the web server listens for requests on port @code{8080}. +Visit @code{http://localhost:8080} in your web browser to test. If you +see the string, @code{Hello World!}, sweet! @subsubsection Inspecting the Request diff --git a/module/web/server/http.scm b/module/web/server/http.scm index 05bf46bf0..91354021c 100644 --- a/module/web/server/http.scm +++ b/module/web/server/http.scm @@ -1,6 +1,6 @@ ;;; Web I/O: HTTP -;; Copyright (C) 2010, 2011, 2012, 2015 Free Software Foundation, Inc. +;; Copyright (C) 2010, 2011, 2012, 2015, 2022 Free Software Foundation, Inc. ;; This library is free software; you can redistribute it and/or ;; modify it under the terms of the GNU Lesser General Public @@ -61,7 +61,7 @@ (family AF_INET) (addr (if host (inet-pton family host) - INADDR_LOOPBACK)) + INADDR_ANY)) (port 8080) (socket (make-default-socket family addr port))) (listen socket 128) -- 2.35.1
[-- Attachment #1: Type: text/plain, Size: 813 bytes --] Aleix Conchillo Flaqué <aconchillo@gmail.com> writes: > Using INADDR_ANY instead of INADDR_LOOPBACK makes it convenient when > starting the web server inside containers without the need to having to > specify INADDR_ANY all the time. This is the default in most libraries > and languages. > > This doesn't break backwards compatibility since INADDR_LOOPBACK is also > included in INADDR_ANY. I’d like to know whether there was a specific reason not to use it. I prefer the new behavior (ANY), because it’s less surprising (it once surprised me that it was different). It might be an option to switch to IPV6 ANY instead to get a real ANY. But there are different opinions about this. Best wishes, Arne -- Unpolitisch sein heißt politisch sein, ohne es zu merken. draketo.de [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 1125 bytes --]
[-- Attachment #1: Type: text/plain, Size: 3232 bytes --] ping. easy one but might be more controversial. On Wed, Feb 2, 2022 at 4:26 PM Aleix Conchillo Flaqué <aconchillo@gmail.com> wrote: > Using INADDR_ANY instead of INADDR_LOOPBACK makes it convenient when > starting the web server inside containers without the need to having to > specify INADDR_ANY all the time. This is the default in most libraries > and languages. > > This doesn't break backwards compatibility since INADDR_LOOPBACK is also > included in INADDR_ANY. > > * doc/ref/web.texi (Web Server): update INADDR_LOOPBACK to INADDR_ANY > and related text. > > * module/web/server/http.scm (http-open): default to INADDR_ANY for the > web server. > --- > doc/ref/web.texi | 10 +++++----- > module/web/server/http.scm | 4 ++-- > 2 files changed, 7 insertions(+), 7 deletions(-) > > diff --git a/doc/ref/web.texi b/doc/ref/web.texi > index 93cd0214f..6b42b8ff6 100644 > --- a/doc/ref/web.texi > +++ b/doc/ref/web.texi > @@ -1807,7 +1807,7 @@ socket, listening for request on that port. > > @deffn {HTTP Implementation} http [#:host=#f] @ > [#:family=AF_INET] @ > - [#:addr=INADDR_LOOPBACK] @ > + [#:addr=INADDR_ANY] @ > [#:port 8080] [#:socket] > The default HTTP implementation. We document it as a function with > keyword arguments, because that is precisely the way that it is -- all > @@ -1815,7 +1815,7 @@ of the @var{open-params} to @code{run-server} get > passed to the > implementation's open function. > > @example > -;; The defaults: localhost:8080 > +;; The defaults: any local IP on port 8080 > (run-server handler) > ;; Same thing > (run-server handler 'http '()) > @@ -1866,9 +1866,9 @@ handler: > (run-server hello-world-handler) > @end example > > -By default, the web server listens for requests on > -@code{localhost:8080}. Visit that address in your web browser to > -test. If you see the string, @code{Hello World!}, sweet! > +By default, the web server listens for requests on port @code{8080}. > +Visit @code{http://localhost:8080} in your web browser to test. If you > +see the string, @code{Hello World!}, sweet! > > @subsubsection Inspecting the Request > > diff --git a/module/web/server/http.scm b/module/web/server/http.scm > index 05bf46bf0..91354021c 100644 > --- a/module/web/server/http.scm > +++ b/module/web/server/http.scm > @@ -1,6 +1,6 @@ > ;;; Web I/O: HTTP > > -;; Copyright (C) 2010, 2011, 2012, 2015 Free Software Foundation, Inc. > +;; Copyright (C) 2010, 2011, 2012, 2015, 2022 Free Software Foundation, > Inc. > > ;; This library is free software; you can redistribute it and/or > ;; modify it under the terms of the GNU Lesser General Public > @@ -61,7 +61,7 @@ > (family AF_INET) > (addr (if host > (inet-pton family host) > - INADDR_LOOPBACK)) > + INADDR_ANY)) > (port 8080) > (socket (make-default-socket family addr port))) > (listen socket 128) > -- > 2.35.1 > > [-- Attachment #2: Type: text/html, Size: 4012 bytes --]
[-- Attachment #1.1.1.1: Type: text/plain, Size: 1355 bytes --] On 22-07-2022 02:44, Aleix Conchillo Flaqué wrote: > ping. easy one but might be more controversial. > > On Wed, Feb 2, 2022 at 4:26 PM Aleix Conchillo Flaqué > <aconchillo@gmail.com> wrote: > > Using INADDR_ANY instead of INADDR_LOOPBACK makes it convenient when > starting the web server inside containers > I don't see what containers have to do with anything? If you want it to access the Internet, just don't do a network container (don't create a new network namespace). Or to reduce access, do create a new network namespace but set up port forwarding (which I would expect to work with loopback). > > without the need to having to > specify INADDR_ANY all the time. > I don't recommend this as a default, as it opens up potential security problems (some programs open a web server for local communication on the computer). INADDR_LOOPBACK is a safe default, anyone needing something else and knowing their use is safe can easily override to INADDR_ANY. > This is the default in most libraries and languages. Is ad populum. Plenty of bad choices have been made in the past, see e.g. all the CVEs, so I don't think this is a good argument. (It is an argument if you are switching to INADDR_ANY for _consistency_, but the patch appears to be for other purposes.) Greetings, Maxime. [-- Attachment #1.1.1.2: Type: text/html, Size: 2725 bytes --] [-- Attachment #1.1.2: OpenPGP public key --] [-- Type: application/pgp-keys, Size: 929 bytes --] [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 236 bytes --]
[-- Attachment #1: Type: text/plain, Size: 1085 bytes --] Aleix Conchillo Flaqué <aconchillo@gmail.com> writes: >> Using INADDR_ANY instead of INADDR_LOOPBACK makes it convenient when >> starting the web server inside containers without the need to having to >> specify INADDR_ANY all the time. This is the default in most libraries >> and languages. I may be an outlier, but I don't think we should optimize for containers. I think that by default, most things that can reasonably just listen on localhost should and those that want wider scope can configure them (which should be easy and apparently is). It seems this was an earlier conscious choice, from reading the patched docs. >> This doesn't break backwards compatibility since INADDR_LOOPBACK is also >> included in INADDR_ANY. It does break compat because the previous way had a security property that this one doesn't. This is fundamentally a disagreement about what "works" means. Some people think works primarily means "when I click X I see Y" and others thinks works primarily means "security properties (that nothing bad happens" are upheld". [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 194 bytes --]
[-- Attachment #1: Type: text/plain, Size: 1696 bytes --] Thank you Maxime, On Fri, Jul 22, 2022 at 2:44 AM Maxime Devos <maximedevos@telenet.be> wrote: > On 22-07-2022 02:44, Aleix Conchillo Flaqué wrote: > > ping. easy one but might be more controversial. > > On Wed, Feb 2, 2022 at 4:26 PM Aleix Conchillo Flaqué < > aconchillo@gmail.com> wrote: > >> Using INADDR_ANY instead of INADDR_LOOPBACK makes it convenient when >> starting the web server inside containers > > I don't see what containers have to do with anything? If you want it to > access the Internet, just don't do a network container (don't create a new > network namespace). Or to reduce access, do create a new network namespace > but set up port forwarding (which I would expect to work with loopback). > Now that I read it again, I have no clue what containers have to do with this either, especially because I never run Guile in a container... So, forget about the container reference. > without the need to having to >> specify INADDR_ANY all the time. >> > I don't recommend this as a default, as it opens up potential security > problems (some programs open a web server for local communication on the > computer). INADDR_LOOPBACK is a safe default, anyone needing something else > and knowing their use is safe can easily override to INADDR_ANY. > > This is the default in most libraries and languages. > > Is ad populum. Plenty of bad choices have been made in the past, see e.g. > all the CVEs, so I don't think this is a good argument. (It is an argument > if you are switching to INADDR_ANY for _consistency_, but the patch appears > to be for other purposes.) > > Makes sense. Thank you for the reply! Best, Aleix [-- Attachment #2: Type: text/html, Size: 3898 bytes --]
[-- Attachment #1: Type: text/plain, Size: 1423 bytes --] On Fri, Jul 22, 2022 at 4:45 AM Greg Troxel <gdt@lexort.com> wrote: > > Aleix Conchillo Flaqué <aconchillo@gmail.com> writes: > > >> Using INADDR_ANY instead of INADDR_LOOPBACK makes it convenient when > >> starting the web server inside containers without the need to having to > >> specify INADDR_ANY all the time. This is the default in most libraries > >> and languages. > > I may be an outlier, but I don't think we should optimize for > containers. I think that by default, most things that can reasonably > just listen on localhost should and those that want wider scope can > configure them (which should be easy and apparently is). > > It seems this was an earlier conscious choice, from reading the patched > docs. > > Agree about the container comment. As I said on the other email, I have no idea why I wrote container there since I never run Guile in a container. >> This doesn't break backwards compatibility since INADDR_LOOPBACK is also > >> included in INADDR_ANY. > > It does break compat because the previous way had a security property > that this one doesn't. This is fundamentally a disagreement about what > "works" means. Some people think works primarily means "when I click X > I see Y" and others thinks works primarily means "security properties > (that nothing bad happens" are upheld". > Makes sense as well. Thank you for your input! Best, Aleix [-- Attachment #2: Type: text/html, Size: 2737 bytes --]