From: Maxime Devos
Newsgroups: gmane.lisp.guile.devel
Subject: Re: [PATCH] web: default to INADDR_ANY instead of INADDR_LOOPBACK
Date: Fri, 22 Jul 2022 11:44:28 +0200
Message-ID: <8d7255ee-07b2-bd66-2e33-75c8d112756e@telenet.be>
References: <20220203002638.34504-1-aconchillo@gmail.com>
To: Aleix Conchillo Flaqué, guile-devel

On 22-07-2022 02:44, Aleix Conchillo Flaqué wrote:

> ping. easy one but might be more controversial.
>
> On Wed, Feb 2, 2022 at 4:26 PM Aleix Conchillo Flaqué
> <aconchillo@gmail.com> wrote:
>
>     Using INADDR_ANY instead of INADDR_LOOPBACK makes it convenient when
>     starting the web server inside containers

I don't see what containers have to do with anything? If you want it to access the Internet, just don't do a network container (don't create a new network namespace). Or to reduce access, do create a new network namespace but set up port forwarding (which I would expect to work with loopback).

>     without the need to having to
>     specify INADDR_ANY all the time.

I don't recommend this as a default, as it opens up potential security problems (some programs open a web server for local communication on the computer). INADDR_LOOPBACK is a safe default, anyone needing something else and knowing their use is safe can easily override to INADDR_ANY.

> This is the default in most libraries and languages.

Is ad populum. Plenty of bad choices have been made in the past, see e.g. all the CVEs, so I don't think this is a good argument. (It is an argument if you are switching to INADDR_ANY for _consistency_, but the patch appears to be for other purposes.)

Greetings,
Maxime.
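
An added example, not part of the original message or of Guile: a Python audit that reads a listener table in the Linux /proc/net/tcp layout and reports which listening ports are bound to INADDR_ANY (0.0.0.0) rather than INADDR_LOOPBACK (127.0.0.1), which is the exposure the reply is concerned about. The sample table is constructed, the function names are illustrative, and the address decoding assumes a little-endian host.

```python
import ipaddress
import struct

# Constructed sample in Linux /proc/net/tcp layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 41001
   1: 00000000:1F91 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 41002
   2: 0100007F:1F90 0100007F:D2F0 01 00000000:00000000 00:00000000 00000000  1000        0 41003
"""

TCP_LISTEN = 0x0A  # value of the "st" column for a socket in LISTEN state


def parse_listeners(text):
    """Return [(IPv4Address, port)] for every IPv4 socket in LISTEN state."""
    listeners = []
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or int(fields[3], 16) != TCP_LISTEN:
            continue  # established or other non-listening sockets
        hex_ip, hex_port = fields[1].split(":")
        # The kernel prints the network-order address as a native 32-bit word,
        # so on a little-endian host 127.0.0.1 appears as 0100007F.
        ip = ipaddress.IPv4Address(struct.pack("<I", int(hex_ip, 16)))
        listeners.append((ip, int(hex_port, 16)))
    return listeners


def classify(ip):
    """Map a bind address to the scope it is reachable from."""
    if ip.is_unspecified:  # 0.0.0.0 is INADDR_ANY: every interface
        return "any"
    if ip.is_loopback:     # 127.0.0.0/8, which contains INADDR_LOOPBACK
        return "loopback"
    return "specific"


def exposed_listeners(text):
    """Ports listening on INADDR_ANY, i.e. reachable on every interface."""
    return sorted(p for ip, p in parse_listeners(text) if classify(ip) == "any")


if __name__ == "__main__":
    for ip, port in parse_listeners(SAMPLE_PROC_NET_TCP):
        print(f"{ip}:{port} -> {classify(ip)}")
```

On a live Linux host the same functions can be fed the contents of /proc/net/tcp; IPv6 listeners are in /proc/net/tcp6, which this example does not parse.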
