From: Maxime Devos
Newsgroups: gmane.lisp.guile.devel
Subject: Re: [PATCH] web: default to INADDR_ANY instead of INADDR_LOOPBACK
Date: Fri, 22 Jul 2022 11:44:28 +0200

On 22-07-2022 02:44, Aleix Conchillo Flaqué wrote:
> ping. easy one but might be more controversial.
>
> Using INADDR_ANY instead of INADDR_LOOPBACK makes it convenient when
> starting the web server inside containers

I don't see what containers have to do with anything? If you want it
to access the Internet, just don't do a network container (don't
create a new network namespace).  Or to reduce access, do create a
new network namespace but set up port forwarding (which I would
expect to work with loopback).

> without the need to having to specify INADDR_ANY all the time.

I don't recommend this as a default, as it opens up potential
security problems (some programs open a web server for local
communication on the computer). INADDR_LOOPBACK is a safe default,
anyone needing something else and knowing their use is safe can
easily override to INADDR_ANY.

> This is the default in most libraries and languages.

Is ad populum. Plenty of bad choices have been made in the past,
see e.g. all the CVEs, so I don't think this is a good argument.
(It is an argument if you are switching to INADDR_ANY for
_consistency_, but the patch appears to be for other purposes.)

Greetings,
Maxime.
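
Added example, not part of the original message or of the Guile patch: a small audit that reads socket tables in the Linux /proc/net/tcp layout and reports which listening sockets are bound to loopback and which to INADDR_ANY, the distinction the thread is about. The sample table is constructed, the function names are hypothetical, and a little-endian host is assumed.

```python
import socket
import struct

LISTEN = "0A"  # state code for TCP_LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 40001 1 0000000000000000 100 0 0 10 0
   1: 00000000:1F91 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 40002 1 0000000000000000 100 0 0 10 0
   2: 0100007F:1F90 0100007F:D2A4 01 00000000:00000000 00:00000000 00000000  1000        0 40003 1 0000000000000000 20 4 30 10 -1
"""

def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (dotted_quad, port)."""
    addr_hex, port_hex = field.split(":")
    # The address is printed as a native-endian 32-bit word;
    # little-endian is assumed here (x86, most ARM systems).
    packed = struct.pack("<I", int(addr_hex, 16))
    return socket.inet_ntoa(packed), int(port_hex, 16)

def classify(addr):
    """Label a bind address the way the thread discusses it."""
    if addr == "0.0.0.0":
        return "INADDR_ANY"   # reachable on every interface
    if addr.startswith("127."):
        return "loopback"     # local communication only
    return "specific"         # bound to one chosen interface

def audit_listeners(text):
    """Return (address, port, kind) for every listening TCP socket."""
    findings = []
    for line in text.splitlines()[1:]:      # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != LISTEN:
            continue                        # ignore non-listening sockets
        addr, port = decode_endpoint(cols[1])
        findings.append((addr, port, classify(addr)))
    return findings

def exposed_ports(text):
    """Ports whose listener accepts connections from beyond loopback."""
    return sorted(p for _, p, kind in audit_listeners(text) if kind != "loopback")

if __name__ == "__main__":
    for addr, port, kind in audit_listeners(SAMPLE):
        print(f"{addr}:{port} {kind}")
```

On a real Linux host, pass the contents of /proc/net/tcp to `audit_listeners`; IPv6 listeners are in /proc/net/tcp6, which uses a different address encoding and is not handled here.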