unofficial mirror of guile-devel@gnu.org 
* [PATCH] web: default to INADDR_ANY instead of INADDR_LOOPBACK
@ 2022-02-03  0:26 Aleix Conchillo Flaqué
  2022-02-03  7:25 ` Dr. Arne Babenhauserheide
  2022-07-22  0:44 ` Aleix Conchillo Flaqué
  0 siblings, 2 replies; 7+ messages in thread
From: Aleix Conchillo Flaqué @ 2022-02-03  0:26 UTC (permalink / raw)
  To: guile-devel; +Cc: Aleix Conchillo Flaqué

Using INADDR_ANY instead of INADDR_LOOPBACK makes it convenient when
starting the web server inside containers without having to specify
INADDR_ANY all the time. This is the default in most libraries and
languages.

This doesn't break backwards compatibility since INADDR_LOOPBACK is also
included in INADDR_ANY.

* doc/ref/web.texi (Web Server): update INADDR_LOOPBACK to INADDR_ANY
and related text.

* module/web/server/http.scm (http-open): default to INADDR_ANY for the
web server.
---
 doc/ref/web.texi           | 10 +++++-----
 module/web/server/http.scm |  4 ++--
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/doc/ref/web.texi b/doc/ref/web.texi
index 93cd0214f..6b42b8ff6 100644
--- a/doc/ref/web.texi
+++ b/doc/ref/web.texi
@@ -1807,7 +1807,7 @@ socket, listening for request on that port.
 
 @deffn {HTTP Implementation} http [#:host=#f] @
                              [#:family=AF_INET] @
-                             [#:addr=INADDR_LOOPBACK] @
+                             [#:addr=INADDR_ANY] @
                              [#:port 8080] [#:socket]
 The default HTTP implementation.  We document it as a function with
 keyword arguments, because that is precisely the way that it is -- all
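Review bot: the new [#:addr=INADDR_ANY] default on the @deffn line means that the one-argument (run-server handler) call documented just below now accepts connections on every IPv4 interface of the host, so a handler written for local-only use becomes network-reachable without any change in the calling program; keep INADDR_LOOPBACK as the documented default and let callers opt into INADDR_ANY with an explicit #:addr. On the same @deffn, the context line [#:port 8080] is the only keyword written without "=" between name and default; [#:port=8080] would match #:host=#f, #:family=AF_INET and #:addr=... above it.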
@@ -1815,7 +1815,7 @@ of the @var{open-params} to @code{run-server} get passed to the
 implementation's open function.
 
 @example
-;; The defaults: localhost:8080
+;; The defaults: any local IP on port 8080
 (run-server handler)
 ;; Same thing
 (run-server handler 'http '())
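Review bot: the replacement comment ";; The defaults: any local IP on port 8080" is misleading: with #:family=AF_INET, INADDR_ANY is the wildcard address 0.0.0.0, which accepts connections arriving on any IPv4 interface of the host, including from remote machines, not only "local" ones. State that plainly, e.g. ";; The defaults: 0.0.0.0:8080 (all IPv4 interfaces, reachable from the network)", so that a reader copying the example knows what the bare (run-server handler) call exposes.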
@@ -1866,9 +1866,9 @@ handler:
 (run-server hello-world-handler)
 @end example
 
-By default, the web server listens for requests on
-@code{localhost:8080}.  Visit that address in your web browser to
-test.  If you see the string, @code{Hello World!}, sweet!
+By default, the web server listens for requests on port @code{8080}.
+Visit @code{http://localhost:8080} in your web browser to test.  If you
+see the string, @code{Hello World!}, sweet!
 
 @subsubsection Inspecting the Request
 
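Review bot: the rewritten paragraph ("By default, the web server listens for requests on port @code{8080}.") no longer says which address the server binds, so the tutorial reader is not told where the Hello World server is reachable from. Since the default now binds all IPv4 interfaces, say so explicitly here and show the opt-out in the same paragraph, e.g. (run-server hello-world-handler 'http (list #:addr INADDR_LOOPBACK)), so that someone following the tutorial does not unknowingly expose a test server to their network.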
diff --git a/module/web/server/http.scm b/module/web/server/http.scm
index 05bf46bf0..91354021c 100644
--- a/module/web/server/http.scm
+++ b/module/web/server/http.scm
@@ -1,6 +1,6 @@
 ;;; Web I/O: HTTP
 
-;; Copyright (C)  2010, 2011, 2012, 2015 Free Software Foundation, Inc.
+;; Copyright (C)  2010, 2011, 2012, 2015, 2022 Free Software Foundation, Inc.
 
 ;; This library is free software; you can redistribute it and/or
 ;; modify it under the terms of the GNU Lesser General Public
@@ -61,7 +61,7 @@
                     (family AF_INET)
                     (addr (if host
                               (inet-pton family host)
-                              INADDR_LOOPBACK))
+                              INADDR_ANY))
                     (port 8080)
                     (socket (make-default-socket family addr port)))
   (listen socket 128)
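Review bot: after this change every caller that leaves #:host unset and passes no #:socket binds 0.0.0.0 via make-default-socket, which silently widens the set of clients that can reach existing programs from local processes to any host on the network; nothing in http-open can tell whether a given handler is safe to expose, so the safe fallback in the (if host ...) form is INADDR_LOOPBACK, with callers passing #:addr INADDR_ANY when they mean it. If the default is changed regardless, the commit message's statement that this does not break backwards compatibility needs revising, since the reachable client set, not just the accepted address, changes.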
-- 
2.35.1





* Re: [PATCH] web: default to INADDR_ANY instead of INADDR_LOOPBACK
  2022-02-03  0:26 [PATCH] web: default to INADDR_ANY instead of INADDR_LOOPBACK Aleix Conchillo Flaqué
@ 2022-02-03  7:25 ` Dr. Arne Babenhauserheide
  2022-07-22  0:44 ` Aleix Conchillo Flaqué
  1 sibling, 0 replies; 7+ messages in thread
From: Dr. Arne Babenhauserheide @ 2022-02-03  7:25 UTC (permalink / raw)
  To: Aleix Conchillo Flaqué; +Cc: guile-devel



Aleix Conchillo Flaqué <aconchillo@gmail.com> writes:

> Using INADDR_ANY instead of INADDR_LOOPBACK makes it convenient when
> starting the web server inside containers without having to specify
> INADDR_ANY all the time. This is the default in most libraries and
> languages.
>
> This doesn't break backwards compatibility since INADDR_LOOPBACK is also
> included in INADDR_ANY.

I’d like to know whether there was a specific reason not to use it.

I prefer the new behavior (ANY), because it’s less surprising (it once
surprised me that it was different).

It might be an option to switch to IPv6 ANY instead to get a real ANY.
But there are different opinions about this.

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de



* Re: [PATCH] web: default to INADDR_ANY instead of INADDR_LOOPBACK
  2022-02-03  0:26 [PATCH] web: default to INADDR_ANY instead of INADDR_LOOPBACK Aleix Conchillo Flaqué
  2022-02-03  7:25 ` Dr. Arne Babenhauserheide
@ 2022-07-22  0:44 ` Aleix Conchillo Flaqué
  2022-07-22  9:44   ` Maxime Devos
  2022-07-22 11:45   ` Greg Troxel
  1 sibling, 2 replies; 7+ messages in thread
From: Aleix Conchillo Flaqué @ 2022-07-22  0:44 UTC (permalink / raw)
  To: guile-devel


ping. easy one but might be more controversial.

On Wed, Feb 2, 2022 at 4:26 PM Aleix Conchillo Flaqué <aconchillo@gmail.com>
wrote:

> Using INADDR_ANY instead of INADDR_LOOPBACK makes it convenient when
> starting the web server inside containers without having to specify
> INADDR_ANY all the time. This is the default in most libraries and
> languages.
>
> This doesn't break backwards compatibility since INADDR_LOOPBACK is also
> included in INADDR_ANY.
>
> * doc/ref/web.texi (Web Server): update INADDR_LOOPBACK to INADDR_ANY
> and related text.
>
> * module/web/server/http.scm (http-open): default to INADDR_ANY for the
> web server.
> ---
>  doc/ref/web.texi           | 10 +++++-----
>  module/web/server/http.scm |  4 ++--
>  2 files changed, 7 insertions(+), 7 deletions(-)
>
> diff --git a/doc/ref/web.texi b/doc/ref/web.texi
> index 93cd0214f..6b42b8ff6 100644
> --- a/doc/ref/web.texi
> +++ b/doc/ref/web.texi
> @@ -1807,7 +1807,7 @@ socket, listening for request on that port.
>
>  @deffn {HTTP Implementation} http [#:host=#f] @
>                               [#:family=AF_INET] @
> -                             [#:addr=INADDR_LOOPBACK] @
> +                             [#:addr=INADDR_ANY] @
>                               [#:port 8080] [#:socket]
>  The default HTTP implementation.  We document it as a function with
>  keyword arguments, because that is precisely the way that it is -- all
> @@ -1815,7 +1815,7 @@ of the @var{open-params} to @code{run-server} get
> passed to the
>  implementation's open function.
>
>  @example
> -;; The defaults: localhost:8080
> +;; The defaults: any local IP on port 8080
>  (run-server handler)
>  ;; Same thing
>  (run-server handler 'http '())
> @@ -1866,9 +1866,9 @@ handler:
>  (run-server hello-world-handler)
>  @end example
>
> -By default, the web server listens for requests on
> -@code{localhost:8080}.  Visit that address in your web browser to
> -test.  If you see the string, @code{Hello World!}, sweet!
> +By default, the web server listens for requests on port @code{8080}.
> +Visit @code{http://localhost:8080} in your web browser to test.  If you
> +see the string, @code{Hello World!}, sweet!
>
>  @subsubsection Inspecting the Request
>
> diff --git a/module/web/server/http.scm b/module/web/server/http.scm
> index 05bf46bf0..91354021c 100644
> --- a/module/web/server/http.scm
> +++ b/module/web/server/http.scm
> @@ -1,6 +1,6 @@
>  ;;; Web I/O: HTTP
>
> -;; Copyright (C)  2010, 2011, 2012, 2015 Free Software Foundation, Inc.
> +;; Copyright (C)  2010, 2011, 2012, 2015, 2022 Free Software Foundation,
> Inc.
>
>  ;; This library is free software; you can redistribute it and/or
>  ;; modify it under the terms of the GNU Lesser General Public
> @@ -61,7 +61,7 @@
>                      (family AF_INET)
>                      (addr (if host
>                                (inet-pton family host)
> -                              INADDR_LOOPBACK))
> +                              INADDR_ANY))
>                      (port 8080)
>                      (socket (make-default-socket family addr port)))
>    (listen socket 128)
> --
> 2.35.1
>
>



* Re: [PATCH] web: default to INADDR_ANY instead of INADDR_LOOPBACK
  2022-07-22  0:44 ` Aleix Conchillo Flaqué
@ 2022-07-22  9:44   ` Maxime Devos
  2022-07-22 17:14     ` Aleix Conchillo Flaqué
  2022-07-22 11:45   ` Greg Troxel
  1 sibling, 1 reply; 7+ messages in thread
From: Maxime Devos @ 2022-07-22  9:44 UTC (permalink / raw)
  To: Aleix Conchillo Flaqué, guile-devel



On 22-07-2022 02:44, Aleix Conchillo Flaqué wrote:

> ping. easy one but might be more controversial.
>
> On Wed, Feb 2, 2022 at 4:26 PM Aleix Conchillo Flaqué 
> <aconchillo@gmail.com> wrote:
>
>     Using INADDR_ANY instead of INADDR_LOOPBACK makes it convenient when
>     starting the web server inside containers
>
I don't see what containers have to do with anything? If you want it to 
access the Internet, just don't do a network container (don't create a 
new network namespace).  Or to reduce access, do create a new network 
namespace but set up port forwarding (which I would expect to work with 
loopback).
>
>     without having to
>     specify INADDR_ANY all the time.
>
I don't recommend this as a default, as it opens up potential security 
problems (some programs open a web server for local communication on the 
computer). INADDR_LOOPBACK is a safe default, anyone needing something 
else and knowing their use is safe can easily override to INADDR_ANY.

> This is the default in most libraries and languages.
Is ad populum. Plenty of bad choices have been made in the past, see 
e.g. all the CVEs, so I don't think this is a good argument. (It is an 
argument if you are switching to INADDR_ANY for _consistency_, but the 
patch appears to be for other purposes.)

Greetings,
Maxime.




* Re: [PATCH] web: default to INADDR_ANY instead of INADDR_LOOPBACK
  2022-07-22  0:44 ` Aleix Conchillo Flaqué
  2022-07-22  9:44   ` Maxime Devos
@ 2022-07-22 11:45   ` Greg Troxel
  2022-07-22 17:16     ` Aleix Conchillo Flaqué
  1 sibling, 1 reply; 7+ messages in thread
From: Greg Troxel @ 2022-07-22 11:45 UTC (permalink / raw)
  To: Aleix Conchillo Flaqué; +Cc: guile-devel



Aleix Conchillo Flaqué <aconchillo@gmail.com> writes:

>> Using INADDR_ANY instead of INADDR_LOOPBACK makes it convenient when
>> starting the web server inside containers without having to specify
>> INADDR_ANY all the time. This is the default in most libraries and
>> languages.

I may be an outlier, but I don't think we should optimize for
containers.  I think that by default, most things that can reasonably
just listen on localhost should and those that want wider scope can
configure them (which should be easy and apparently is).

It seems this was an earlier conscious choice, from reading the patched docs.

>> This doesn't break backwards compatibility since INADDR_LOOPBACK is also
>> included in INADDR_ANY.

It does break compat because the previous way had a security property
that this one doesn't.  This is fundamentally a disagreement about what
"works" means.  Some people think works primarily means "when I click X
I see Y" and others think works primarily means "security properties
(that nothing bad happens) are upheld".


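Both Maxime and Greg argue above that the caller, not the library default, should decide whether a server is reachable beyond the local machine. The following is an added example (not code from the patch or from Guile's own web modules) of how a program can pin the bind address regardless of which default http-open ships: it creates the listening socket itself, binds it to INADDR_LOOPBACK, verifies with getsockname that the kernel really bound 127.0.0.1 before any request is served, and hands the socket to run-server through the documented #:socket parameter. The handler, the helper names and the port 8080 are constructed for this example.

```scheme
(use-modules (web server)
             (web request)
             (web response)
             (ice-9 format))

;; Minimal handler, constructed for this example.
(define (hello-world-handler request body)
  (values '((content-type . (text/plain)))
          "Hello World!"))

;; Create and bind the listening socket in the program itself instead
;; of relying on the http implementation's default address, so the bind
;; address is explicit in our code whatever the library default is.
(define (make-bound-socket addr port)
  (let ((sock (socket PF_INET SOCK_STREAM 0)))
    (setsockopt sock SOL_SOCKET SO_REUSEADDR 1)
    (bind sock AF_INET addr port)
    sock))

;; Ask the kernel which address and port the socket actually ended up
;; bound to.  Returns a pair (address-string . port).
(define (bound-endpoint sock)
  (let ((sa (getsockname sock)))
    (cons (inet-ntop (sockaddr:fam sa) (sockaddr:addr sa))
          (sockaddr:port sa))))

;; Refuse to serve unless the socket is really on loopback.  This catches
;; a wrong constant or a wrong argument order in the bind call before the
;; first request arrives, rather than after the server is already exposed.
(define (assert-loopback! sock)
  (let ((endpoint (bound-endpoint sock)))
    (unless (string=? (car endpoint) "127.0.0.1")
      (close-port sock)
      (error "refusing to serve: socket not bound to loopback" endpoint))
    endpoint))

(define (serve-local-only port)
  (let* ((sock (make-bound-socket INADDR_LOOPBACK port))
         (endpoint (assert-loopback! sock)))
    (format #t "serving on ~a:~a (loopback only)~%"
            (car endpoint) (cdr endpoint))
    ;; When #:socket is given, the http implementation calls listen on
    ;; the socket we pass in and does not consult #:addr or #:port.
    (run-server hello-world-handler 'http (list #:socket sock))))

(serve-local-only 8080)
```

The same pattern works the other way round: a program that genuinely needs to be reachable from the network passes INADDR_ANY to make-bound-socket and drops the loopback assertion, and the decision is then visible in that program's source rather than hidden in a library default.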

* Re: [PATCH] web: default to INADDR_ANY instead of INADDR_LOOPBACK
  2022-07-22  9:44   ` Maxime Devos
@ 2022-07-22 17:14     ` Aleix Conchillo Flaqué
  0 siblings, 0 replies; 7+ messages in thread
From: Aleix Conchillo Flaqué @ 2022-07-22 17:14 UTC (permalink / raw)
  To: Maxime Devos; +Cc: guile-devel


Thank you Maxime,

On Fri, Jul 22, 2022 at 2:44 AM Maxime Devos <maximedevos@telenet.be> wrote:

> On 22-07-2022 02:44, Aleix Conchillo Flaqué wrote:
>
> ping. easy one but might be more controversial.
>
> On Wed, Feb 2, 2022 at 4:26 PM Aleix Conchillo Flaqué <
> aconchillo@gmail.com> wrote:
>
>> Using INADDR_ANY instead of INADDR_LOOPBACK makes it convenient when
>> starting the web server inside containers
>
> I don't see what containers have to do with anything? If you want it to
> access the Internet, just don't do a network container (don't create a new
> network namespace).  Or to reduce access, do create a new network namespace
> but set up port forwarding (which I would expect to work with loopback).
>

Now that I read it again, I have no clue what containers have to do with
this either, especially because I never run Guile in a container... So,
forget about the container reference.



> without having to
>> specify INADDR_ANY all the time.
>>
> I don't recommend this as a default, as it opens up potential security
> problems (some programs open a web server for local communication on the
> computer). INADDR_LOOPBACK is a safe default, anyone needing something else
> and knowing their use is safe can easily override to INADDR_ANY.
>
> This is the default in most libraries and languages.
>
> Is ad populum. Plenty of bad choices have been made in the past, see e.g.
> all the CVEs, so I don't think this is a good argument.  (It is an argument
> if you are switching to INADDR_ANY for _consistency_, but the patch appears
> to be for other purposes.)
>
>
Makes sense. Thank you for the reply!

Best,

Aleix



* Re: [PATCH] web: default to INADDR_ANY instead of INADDR_LOOPBACK
  2022-07-22 11:45   ` Greg Troxel
@ 2022-07-22 17:16     ` Aleix Conchillo Flaqué
  0 siblings, 0 replies; 7+ messages in thread
From: Aleix Conchillo Flaqué @ 2022-07-22 17:16 UTC (permalink / raw)
  To: Greg Troxel; +Cc: guile-devel


On Fri, Jul 22, 2022 at 4:45 AM Greg Troxel <gdt@lexort.com> wrote:

>
> Aleix Conchillo Flaqué <aconchillo@gmail.com> writes:
>
> >> Using INADDR_ANY instead of INADDR_LOOPBACK makes it convenient when
> >> starting the web server inside containers without having to specify
> >> INADDR_ANY all the time. This is the default in most libraries and
> >> languages.
>
> I may be an outlier, but I don't think we should optimize for
> containers.  I think that by default, most things that can reasonably
> just listen on localhost should and those that want wider scope can
> configure them (which should be easy and apparently is).
>
> It seems this was an earlier conscious choice, from reading the patched
> docs.
>
>
Agree about the container comment. As I said on the other email, I have no
idea why I wrote container there since I never run Guile in a container.

>> This doesn't break backwards compatibility since INADDR_LOOPBACK is also
> >> included in INADDR_ANY.
>
> It does break compat because the previous way had a security property
> that this one doesn't.  This is fundamentally a disagreement about what
> "works" means.  Some people think works primarily means "when I click X
> I see Y" and others think works primarily means "security properties
> (that nothing bad happens) are upheld".
>

Makes sense as well. Thank you for your input!

Best,

Aleix


