On Wed, Jul 31, 2013 at 3:01 PM, Thomas Goirand <z...@debian.org> wrote: > On 07/31/2013 06:47 PM, Vincent Lefevre wrote: >> On 2013-07-31 11:00:24 +0200, Vincent Bernat wrote: >>> ❦ 31 juillet 2013 09:46 CEST, Thomas Goirand <z...@debian.org> : >>>> He did wrote it. 127.0.1.1 breaks because some daemon (many, according >>>> to him) bind only on 127.0.0.1, and not 127.0.0.0/8 as they should. >>> >>> How a daemon could bind to 127.0.0.0/8? bind() only takes an IP address. >> >> Perhaps Thomas actually meant accept any address, then drop those >> outside 127.0.0.0/8? > > Correct.
Using SO_BINDTODEVICE ? Does it is limited to root (some time ago it was limited to root but now no mention on man 7 socket). BTW how to detect unsafe usage of 127.0.0.1 ? codesearch of INADDR_LOOPBACK is inconclusive. > >> But this wouldn't necessarily solve the >> mentioned "problem" anyway. > > I'm not sure there's a problem anyway. I'm on the side of Steve, which > is I think the current setup works quite well. Our users can do a > minimum of configuration, that's what I expect from anyone running a > server/daemon anyway (things who are aimed at our users should be using > localhost anyway). > > Thomas > > > -- > To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: http://lists.debian.org/51f90aa1.70...@debian.org > -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAE2SPAbdsonr5G39M_PPN8gm8HOX_cwkaG_uvFhjLaaJ=es...@mail.gmail.com
