18-year-old security flaw in Chromium and Firefox exploited in attacks
On Fri, 9 Aug 2024 06:46:57 +0000 (UTC)
"Theo de Raadt" <deraadt@openbsd.org> wrote:

> CIVINULL <civinull@i2pmail.org> wrote:
>
> > > https://www.bleepingcomputer.com/news/security/18-year-old-security-flaw-in-firefox-and-chrome-exploited-in-attacks/
> >
> > I wonder if the sandboxing of Chromium and Firefox on OpenBSD will
> > prevent it from being affected by this vulnerability.
>
> Sorry, our sandboxing efforts do not solve this problem.
>
> Instead, the problem was fixed in a series of commits in 1998, when
> the OpenBSD kernel stopped considering 255.255.255.255 and 0.0.0.0 as
> referring to localhost.
>
> sys/netinet/in.c
>
> revision 1.4
> date: 1998/02/25 03:45:14; author: angelos; state: Exp; lines: +20 -4;
> Disallow TCP connects to 255.255.255.255 or local broadcast addresses.
> revision 1.5
> date: 1998/02/25 04:53:09; author: angelos; state: Exp; lines: +2 -2;
> Pay attention.
> revision 1.7
> date: 1998/02/25 23:44:57; author: deraadt; state: Exp; lines: +4 -17;
> patch could not have been tested. panics machine on boot
> revision 1.8
> date: 1998/02/28 03:39:56; author: angelos; state: Exp; lines: +20 -4;
> Another shot at disallowing TCP connections to 255.255.255.255,
> 0.0.0.0 and any local broadcast addresses. Tested.
>
> I suspect RFC's this work preceded RFCs which didn't require that
> bizarre historical behaviour; I have not dug into my mail archives
> to remember how this played out.
>
> I forget what protocol worried us back in those days, to let us to fix
> it. Today it is chrome and firefox. Next year this will be some other
> protocol or program, because there are operating systems who don't
> want to fix this issue (or issues like it) at the correct layer
> because they are unwilling to perform an ecosystem study to
> find the rare things using it, force their repair, and then cut out
> the tumour.

Thanks for taking the time to answer my question.
I don't know the inner workings of OpenBSD perfectly, just some of the security mechanisms. It is impressive that measures were taken so early to avoid vulnerabilities like this one. That OpenBSD is a pro-actively secure operating system is not a marketing strategy; it is 100% true.
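The rule described in the quoted commit log (refuse TCP connects to 0.0.0.0, 255.255.255.255 and any local broadcast address), as an added example that is not part of the thread and is not the code from OpenBSD's sys/netinet/in.c. The names `struct iface`, `sample_ifaces` and `tcp_connect_refused` are hypothetical, and the interface table is constructed sample data.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical interface record for illustration; not a kernel structure. */
struct iface { const char *addr; const char *mask; };

/* Constructed sample configuration. */
static const struct iface sample_ifaces[] = {
    { "192.168.1.10", "255.255.255.0"   },
    { "10.0.0.5",     "255.255.255.252" },
    { "203.0.113.1",  "255.255.255.255" }, /* host route: has no broadcast */
};

/* Parse a dotted quad into host byte order; returns 0 on success. */
static int parse(const char *s, uint32_t *out)
{
    struct in_addr a;
    if (inet_pton(AF_INET, s, &a) != 1)
        return -1;
    *out = ntohl(a.s_addr);
    return 0;
}

/* 1 = refuse the TCP connect, 0 = allow, -1 = unparsable input. */
int tcp_connect_refused(const char *dst, const struct iface *ifs, size_t n)
{
    uint32_t d, a, m;
    if (parse(dst, &d) != 0)
        return -1;
    /* The wildcard and limited-broadcast addresses are never a valid peer. */
    if (d == 0x00000000u || d == 0xffffffffu)
        return 1;
    for (size_t i = 0; i < n; i++) {
        if (parse(ifs[i].addr, &a) != 0 || parse(ifs[i].mask, &m) != 0)
            return -1;
        if (m >= 0xfffffffeu)       /* /31 and /32 carry no broadcast address */
            continue;
        if (d == (a | ~m))          /* directed broadcast of a local subnet */
            return 1;
    }
    return 0;
}

int main(void)
{
    const char *tests[] = { "0.0.0.0", "255.255.255.255", "192.168.1.255",
                            "10.0.0.7", "127.0.0.1", "192.168.1.10" };
    for (size_t i = 0; i < sizeof tests / sizeof tests[0]; i++)
        printf("%-16s %s\n", tests[i],
               tcp_connect_refused(tests[i], sample_ifaces, 3) ? "refuse" : "allow");
    return 0;
}
```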