krb5 address checks and loopback connections
Sam Hartman
hartmans at MIT.EDU
Tue Jul 9 13:05:00 EDT 2002
>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at ubsw.com> writes:
Nicolas> IMO, hosts should never accept incoming packets with
Nicolas> source or destination loopback addresses. If a host does
Nicolas> accept such packets then I would consider that a bug in
Nicolas> the OS.
I think you're living in your own little universe on this one
unfortunately. I agree the OS should deal, but many seem not to.
Ken and I talked offline yesterday. Here's what I think we agreed to:
* Include Ken's fix because we cannot think of how it makes spoofing
any worse except in localhost-only services. If you have a
localhost-only service and you haven't set up firewall rules or
patched your OS to do spoof protection, then you are beyond help
from a security standpoint. Also, note that localhost Kerberos
services do not actually work at all.
* Default to addressless tickets once the patch is integrated and
tested.
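The spoof protection discussed above (an OS rejecting packets that carry a loopback source or destination address but arrive on a non-loopback interface) is easy to state as a check. The following is an added illustration written for this archive page; it is not code from Sam Hartman, Ken, or the MIT krb5 project. It assumes a simplified packet model (source, destination, and whether the receiving interface is the loopback interface), and the sample packets at the bottom are constructed for the demonstration.

```python
"""Loopback anti-spoof filter: reject loopback-addressed packets that did not
arrive on the loopback interface. Added example, not from the krb5 sources."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str                 # source IP as a string (IPv4 or IPv6)
    dst: str                 # destination IP as a string
    iface_is_loopback: bool  # True if received on lo, False on a real NIC


def is_loopback_address(addr: str) -> bool:
    """True for 127.0.0.0/8, ::1, and IPv4-mapped forms such as ::ffff:127.0.0.1.

    The IPv4-mapped case is unwrapped by hand so the result does not depend on
    how a given Python version treats mapped addresses in is_loopback."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_loopback


def loopback_spoof_check(pkt: Packet) -> tuple[bool, str]:
    """Return (accept, reason). Mirrors the rule that a host should never accept
    a packet with a loopback source or destination from the network."""
    src_lo = is_loopback_address(pkt.src)
    dst_lo = is_loopback_address(pkt.dst)
    if pkt.iface_is_loopback:
        # Traffic on lo itself is legitimate local traffic.
        return True, "received on loopback interface"
    if src_lo and dst_lo:
        return False, "loopback source and destination on non-loopback interface"
    if src_lo:
        return False, "loopback source on non-loopback interface"
    if dst_lo:
        return False, "loopback destination on non-loopback interface"
    return True, "no loopback addresses involved"


def filter_packets(packets: list[Packet]) -> list[tuple[Packet, bool, str]]:
    """Apply the check to every packet; a firewall would drop the rejected ones."""
    return [(p, *loopback_spoof_check(p)) for p in packets]


# Constructed sample traffic (hypothetical addresses, not from any real capture).
SAMPLE_PACKETS = [
    Packet("127.0.0.1", "127.0.0.1", iface_is_loopback=True),    # normal local use
    Packet("::1", "::1", iface_is_loopback=True),                # normal local use
    Packet("10.0.0.5", "127.0.0.1", iface_is_loopback=False),    # aimed at a localhost-only service
    Packet("127.0.0.1", "10.0.0.7", iface_is_loopback=False),    # forged loopback source
    Packet("::ffff:127.0.0.1", "10.0.0.7", iface_is_loopback=False),  # mapped-IPv4 variant
    Packet("10.0.0.9", "10.0.0.7", iface_is_loopback=False),     # ordinary network traffic
]


def accepted_count(packets: list[Packet] = SAMPLE_PACKETS) -> int:
    """Number of packets the filter lets through; 3 for the sample set."""
    return sum(1 for _, ok, _ in filter_packets(packets) if ok)


if __name__ == "__main__":
    for pkt, ok, why in filter_packets(SAMPLE_PACKETS):
        verdict = "ACCEPT" if ok else "DROP  "
        print(f"{verdict} {pkt.src:>18} -> {pkt.dst:<12} lo={pkt.iface_is_loopback}  ({why})")
```

The point of the check is exactly the one made in the message: with it in place, a forged packet cannot reach a localhost-only service from the network, so a Kerberos address check adds nothing for that case; without it, the address check does not save you either, since the spoofed source address is precisely what the ticket would be compared against.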