On Mon, 14 Apr 2008, Kai Blin wrote:

> On Monday 14 April 2008 18:42:26 Paul Chitescu wrote:
>
>> Binding to a specific address is the only easy way of detecting which
>> interface a UDP packet was received on since recvfrom() only gives source
>> address, not destination. Listening on 0.0.0.0 would make it impossible to
>> tell which interface a packet was received on. Furthermore, a program that
>> explicitly tries to bind to each interface would fail all but the first
>> bind and possibly bail out. Probably many games that use UDP would break.
>
> I'm currently trying to fix apps that fail doing the following (which seems to
> be a popular way among game developers), in pseudo-code.
>
> hostname = gethostname();
> hostent = gethostbyname(hostname);
> sockaddr->sin_addr = hostent->addr;
> sock = socket();
> bind(sock, sockaddr);
>
> Which, as Christoph noted, causes Windows apps to bind to loopback addresses,
> breaking the networking. This only started to happen recently as recently
> Linux distros started mapping the machine's hostname to a loopback address. I
> don't think Wine ever used the registry for anything like that.
>
> Cheers,
> Kai
>
> --
> Kai Blin
> WorldForge developer http://www.worldforge.org/
> Wine developer http://wiki.winehq.org/KaiBlin
> Samba team member http://www.samba.org/samba/team/
> --
> Will code for cotton.

Hi, Kai!

Your patch seems quite safe to me as it checks lots of stuff. I disagreed with
Christoph Frick's proposal of always binding to 0.0.0.0.

As a security enhancement, what about randomly initializing the last 3 octets
of magic_loopback_addr at every run instance? This could help fend off
potential attacks targeted at buggy applications running in Wine by sending
this special address over some other protocol. A remote attacker can convince
a local application to listen on all interfaces including Internet-attached
ones while thinking it (safely) listens only on loopback.

Regards,
Paul Chitescu
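
The per-run randomization suggested in the message above, sketched as an added example that is not part of the original e-mail or of the Wine patch. It assumes, as the message implies, that a bind() to the magic address is widened to all interfaces; the function names and the use of /dev/urandom are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the patch's magic_loopback_addr, in network
 * byte order. 0 means "not initialised", in which case nothing is widened. */
static uint32_t magic_addr_be;

/* Draw the last three octets of 127.x.y.z from the kernel RNG, once per run. */
int init_magic_loopback(void)
{
    unsigned char r[3];
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(r, 1, sizeof r, f);
    fclose(f);
    if (n != sizeof r) return -1;
    uint32_t low = ((uint32_t)r[0] << 16) | ((uint32_t)r[1] << 8) | r[2];
    /* Skip 127.0.0.0, the real 127.0.0.1 and the 127.255.255.255 broadcast. */
    if (low < 2) low += 2;
    if (low == 0xFFFFFFu) low -= 1;
    magic_addr_be = htonl(0x7F000000u | low);
    return 0;
}

uint32_t get_magic_loopback(void) { return magic_addr_be; }

/* Assumed bind() hook: only an exact match with this run's magic value is
 * widened to INADDR_ANY; every other address is passed through unchanged. */
uint32_t rewrite_bind_addr(uint32_t requested_be)
{
    if (magic_addr_be != 0 && requested_be == magic_addr_be)
        return htonl(INADDR_ANY);
    return requested_be;
}

int main(void)
{
    if (init_magic_loopback() != 0) { perror("/dev/urandom"); return 1; }
    struct in_addr a = { .s_addr = get_magic_loopback() };
    printf("magic loopback for this run: %s\n", inet_ntoa(a));
    return 0;
}
```

With a fixed magic value, any peer that knows it can hand it to the application over another protocol; with a per-run value, that address has to be guessed out of roughly 2^24 candidates.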