* Question - bind(2) to local route on main routing table
@ 2022-08-10 18:39 Dhupar, Rishi
0 siblings, 0 replies; only message in thread
From: Dhupar, Rishi @ 2022-08-10 18:39 UTC (permalink / raw)
To: netdev; +Cc: Gero, Charlie
Hi,
We recently discovered an inconsistency in the behavior of bind(2) with respect to a type local route being added to the main table.
I was able to track down the issue and it appears it was introduced in this commit[1] which merged the local and main fib tries for performance and which are then later unmerged once the RPDB is modified.
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ddcf43d5d4a03ded1ee3f6b3b72a0cbed4e90b1
Synopsis: a user can bind(2) to any address within the prefix of a type local route that has been added to the main routing table
Short example on an untainted Ubuntu 22.04 machine
$ ip route add local 1.2.3.4/32 dev lo table main
$ nc -n -s 1.2.3.4 -l -p 9999 # Succeeds
$ ip rule add table 100 # This can be any change to RPDB
$ nc -n -s 1.2.3.4 -l -p 9999
Can't grab 1.2.3.4:9999 with bind : Cannot assign requested address
Note: This also impacts implicit bind behavior wrt to system calls such as connect(2).
Does this warrant further investigation and/or possibly a patch to disallow this behavior?
Regards,
Rishi Dhupar
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2022-08-10 18:55 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-08-10 18:39 Question - bind(2) to local route on main routing table Dhupar, Rishi
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.