Hi

I am running XFree86 on a configuration with only TCP/IP (no Unix domain sockets) and I discovered a really weird behaviour:

When the standard ":0.0" display is passed to an application, Xlib calls gethostname() to determine my own host name, then queries the nameserver for that name and connects to that IP address --- this opens a pretty bad security hole: anyone on the LAN can spoof nameserver responses and mess with applications that are supposed to run locally. Why doesn't it use 127.0.0.1, which is designed for this purpose?

So far, I fixed it with this patch (it needs to have IPv6 support added if you want to commit it).

Mikulas

diff -u -r ../../X/XC/LIB/XTRANS/XTRANSSOCK.C ./XTRANS/XTRANSSOCK.C
--- ../../X/XC/LIB/XTRANS/XTRANSSOCK.C  2006-03-01 23:01:55.000000000 +0200
+++ ./XTRANS/XTRANSSOCK.C       2006-11-13 06:52:44.000000000 +0200
@@ -1408,12 +1408,13 @@

     PRMSG (2,"SocketINETConnect(%d,%s,%s)\n", ciptr->fd, host, port);

+    hostnamebuf[0] = '\0';
+    (void) TRANS(GetHostname) (hostnamebuf, sizeof hostnamebuf);
     if (!host)
     {
-       hostnamebuf[0] = '\0';
-       (void) TRANS(GetHostname) (hostnamebuf, sizeof hostnamebuf);
        host = hostnamebuf;
     }
+    if (!strcasecmp(host, hostnamebuf)) host = "127.0.0.1";

 #ifdef X11_t
     /*
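
Review bot: the added `if (!strcasecmp(host, hostnamebuf)) host = "127.0.0.1";` line only short-circuits the lookup when the caller's host string is exactly what TRANS(GetHostname) returned, so a display given with a fully qualified or otherwise aliased form of the local name still falls through to the nameserver query this patch is meant to avoid. The return value of TRANS(GetHostname) is still discarded, and the call is now made on every connect: if it fails, hostnamebuf stays empty and an empty host string would be rewritten to loopback, which deserves either an explicit check or a comment saying it is intended. The literal is IPv4 only, as the message already notes, so the IPv6 path would need the equivalent loopback choice before this can be committed. A short comment above the comparison explaining why the local name must never be resolved through DNS would also help later readers.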

_______________________________________________
Devel mailing list
Devel@XFree86.Org
http://XFree86.Org/mailman/listinfo/devel
