* Bug? Non-privileged processes can in some cases spoof the wrong sending IP
@ 2020-03-03 23:03 Luke Dashjr
0 siblings, 0 replies; only message in thread
From: Luke Dashjr @ 2020-03-03 23:03 UTC (permalink / raw)
To: linux-kernel
It seems non-privileged processes can bind an IP on one interface, and then
send to addresses not routed through that interface, to spoof that IP on an
unrelated network (eg, the default route).
Shouldn't there be something to prevent this? Presumably it's not expected
behaviour, since you can't just bind to any arbitrary addresses...?
(FWIW I can see cases where this might be considered a security issue, but the
MAINTAINERS file explicitly said address leaks don't count...)
Luke
P.S. I discovered this because Chromium's WebRTC implementation attempts to
send UDP from configured IPv4 address; and then Linux's MASQUERADE also
doesn't check that it have the correct return path, so it tried to NAT my WAN
to my WAN, which resulted in sending out from the origin IP instead of my
own, and triggered my modem to disconnect me. (I guess this scenario is a bit
too convoluted to be considered a general DoS risk)
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2020-03-03 23:12 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-03-03 23:03 Bug? Non-privileged processes can in some cases spoof the wrong sending IP Luke Dashjr
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.