lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Tue, 3 Mar 2020 23:03:35 +0000
From:   Luke Dashjr <luke@...hjr.org>
To:     linux-kernel@...r.kernel.org
Subject: Bug? Non-privileged processes can in some cases spoof the wrong sending IP

It seems non-privileged processes can bind an IP on one interface, and then 
send to addresses not routed through that interface, to spoof that IP on an 
unrelated network (eg, the default route).

Shouldn't there be something to prevent this? Presumably it's not expected 
behaviour, since you can't just bind to any arbitrary addresses...?

(FWIW I can see cases where this might be considered a security issue, but the 
MAINTAINERS file explicitly said address leaks don't count...)

Luke

P.S. I discovered this because Chromium's WebRTC implementation attempts to 
send UDP from configured IPv4 address; and then Linux's MASQUERADE also 
doesn't check that it have the correct return path, so it tried to NAT my WAN 
to my WAN, which resulted in sending out from the origin IP instead of my 
own, and triggered my modem to disconnect me. (I guess this scenario is a bit 
too convoluted to be considered a general DoS risk)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ