Thanks!
So much to learn ... so many printed pages with notes.
I'll get there.
On 9/2/24 06:15, Stuart Henderson wrote:
>> On Sun, Sep 01, 2024 at 05:09:14PM -0400, David Colburn wrote:
>>>>> 3. That's the addresses where the server daemon will listen to for
>>>>> connections from clients. It has to be the address of one of the
>>>>> machine's interfaces. See previous messages on the thread, to decide
>>>>> whether you want it to listen on a loopback interface, or on an
>>>>> egress interface. Set this option to 0.0.0.0 to listen on all
>>>>> available interfaces.
> That is talking about the address that mariadb server is listening on.
> 0.0.0.0 is "listen for requests to any v4 address on the machine".
>
>>> I was searching to learn about using a specific machine interface vs 0.0.0.0
>>>
>>> and came upon this from August 7, 2024 ...
>>>
>>> https://www.oligo.security/blog/0-0-0-0-day-exploiting-localhost-apis-from-the-browser
> That is talking about browsers allowing client connections *to*
> 0.0.0.0 which may allow javascript/html to trigger making a connection
> to a service that is only listening to 127.0.0.1. Now you could still
> connect to that service by connecting to 127.0.0.1, but newer browsers
> specifically treat connections to localhost or private network
> addresses as more highly privileged, and don't allow random websites to
> do that (only trigger connections to internet servers).
>
> That (or the v6 equivalent) doesn't work on OpenBSD anyway.
>
> $ telnet 0.0.0.0 22
> Trying 0.0.0.0...
> telnet: connect to address 0.0.0.0: Invalid argument
>
> $ telnet :: 22
> Trying ::...
> telnet: connect to address ::: Invalid argument
>
>
>>> Although they don't specifically mention OpenBSD is it correct that:
>>>
>>> A. Using 0.0.0.0 in my server settings may be less-secure?
>>>
>>> B. That in the near future it won't work at all?
>>>
>>> C. I'm misunderstanding the article and it's not relevant to my server
>>> setup?
> C.
>
No comments:
Post a Comment