[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[lwip-devel] [patch #9170] ipv4/ipv6: restrict loopback-destined traffic
From: |
David van Moolenbroek |
Subject: |
[lwip-devel] [patch #9170] ipv4/ipv6: restrict loopback-destined traffic |
Date: |
Sat, 17 Dec 2016 20:38:08 -0000 |
User-agent: |
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0 |
URL:
<http://savannah.nongnu.org/patch/?9170>
Summary: ipv4/ipv6: restrict loopback-destined traffic
Project: lwIP - A Lightweight TCP/IP stack
Submitted by: dcvmoole
Submitted on: Tue 22 Nov 2016 07:10:59 PM GMT
Category: None
Priority: 5 - Normal
Status: None
Privacy: Public
Assigned to: None
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Planned Release: None
_______________________________________________________
Details:
For your consideration. Commit message reproduced below. While the same check
could be implemented with input hooks, I believe that from a "security by
default" point of view it makes sense to implement this in lwIP itself. FWIW,
I have verified (pre+post) that at least on my configuration, the patch indeed
has the intended effect. As a bit of background, for one example (which
admittedly I found with a google search) of why this is relevant for security,
see
https://googleprojectzero.blogspot.nl/2015/01/finding-and-exploiting-ntpd.html
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [lwip-devel] [patch #9170] ipv4/ipv6: restrict loopback-destined traffic,
David van Moolenbroek <=