Security changes - restricting uhttpd addresses

Mikael Magnusson mikma.wg at lists.m7n.se
Wed Oct 26 12:35:37 PDT 2022


On 2022-10-26 18:55, Etienne Champetier wrote:
> On Tue, 25 Oct 2022 at 17:47, Michael Richardson
> <mcr+ietf at sandelman.ca> wrote:
>>
>> Peter Naulls <peter at chocky.org> wrote:
>>
>>      > It might also be better if uhttpd could be configured to bind
>>      > to a specific interface rather than knowing its IP upfront, but
>>      > that might be impractical.
>>
>> It's totally impractical.
> Can't we bind to 0.0.0.0 and use SO_BINDTODEVICE to make sure it's
> really only responding on the right interface?
> With a complicated routing setup it changes the behavior a bit, but this
> might be the simplest option if we don't want to rely only on the
> firewall.

I have an experimental branch with SO_BINDTODEVICE support,
but I haven't tested it with the latest stable or snapshot releases yet.

https://cgit.m7n.se/pub/openwrt/uhttpd/log/?h=bind-to-device-master

/Mikael
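
The approach discussed in this thread (bind to 0.0.0.0, then restrict the socket with SO_BINDTODEVICE), as an added example that is not taken from uhttpd or from the branch linked above. It is Linux-specific; the helper names, the sample interface "lo" and port 0 are assumptions.

```c
#define _GNU_SOURCE /* exposes SO_BINDTODEVICE and IFNAMSIZ on glibc */
#include <errno.h>
#include <net/if.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: listen on 0.0.0.0:port, reachable only via `ifname`.
 * Returns a listening fd or -1 with errno set; it never falls back to an
 * unrestricted wildcard listener. */
int listen_on_device(const char *ifname, unsigned short port)
{
    struct sockaddr_in addr = { .sin_family = AF_INET, .sin_port = htons(port),
                                .sin_addr.s_addr = htonl(INADDR_ANY) };
    size_t len = ifname ? strlen(ifname) : 0;
    int fd, saved;

    /* An empty name would clear the device binding instead of setting it. */
    if (len == 0) { errno = EINVAL; return -1; }
    if (len >= IFNAMSIZ) { errno = ENAMETOOLONG; return -1; }
    if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) return -1;
    /* Restrict to the device before bind(); on ENODEV (no such interface) or
     * EPERM (insufficient privilege) close the socket rather than serve. */
    if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, ifname, (socklen_t)len + 1) < 0 ||
        bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0 ||
        listen(fd, 16) < 0) {
        saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Read back the bound device name (empty if none); buf holds IFNAMSIZ bytes. */
int bound_device(int fd, char *buf)
{
    socklen_t len = IFNAMSIZ;
    memset(buf, 0, IFNAMSIZ);
    return getsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, buf, &len);
}

int main(void)
{
    char dev[IFNAMSIZ];
    int fd = listen_on_device("lo", 0); /* sample interface and port */
    if (fd < 0) { perror("listen_on_device"); return 1; }
    if (bound_device(fd, dev) == 0) printf("listening, bound to %s\n", dev);
    close(fd);
    return 0;
}
```

The binding follows the device rather than an address, so the listener keeps working when the interface's IP changes, but it fails at startup if the interface does not exist yet.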



More information about the openwrt-devel mailing list