Re: The netsec thread

emacs-devel
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: The netsec thread

From:	Robert Pluim
Subject:	Re: The netsec thread
Date:	Mon, 23 Jul 2018 22:51:21 +0200
Eli Zaretskii <address@hidden> writes:

>> From: Robert Pluim <address@hidden>
>> Cc: Emacs-Devel devel <address@hidden>,  Eli Zaretskii <address@hidden>
>> Date: Mon, 23 Jul 2018 19:25:48 +0200
>> 
>> I still fail to see the real need for it, but I guess Eli has a
>> use-case.
>
> All the computers on my home network is my use case.

You regularly make connections from one machine running emacs to a
different machine on the same subnet using TLS? And you donʼt want to
answer 'a' once per target machine? Iʼll allow it, even if I donʼt
understand it. :-)

Trial implementation attached, based off the netsec branch. I got rid
of all the RFC 1918 stuff, and it allows localhost connections
regardless of the value of nsm-trust-local-network, which Iʼm also not
convinced about.

I do wonder if checking all of the target host's addresses is
overkill, but we can always take that out.

diff --git i/lisp/net/nsm.el w/lisp/net/nsm.el
index b59ea07d8a..682a238cc1 100644
--- i/lisp/net/nsm.el
+++ w/lisp/net/nsm.el
@@ -70,9 +70,15 @@ nsm-trust-local-network
 such as attempting to connect to an email server that do not
 follow these practices inside a school or corporate network, NSM
 may produce warnings for such occasions.  Setting this option to
-a non-nil value, or a zero-argument function that returns non-nil
-tells NSM to skip checking for potential TLS vulnerabilities when
-connecting to hosts on a local network.
+a non-nil value tells NSM to skip checking for potential TLS
+vulnerabilities when connecting to hosts on a local network,
+which is determined by inspecting the network addresses of the
+local machine.
+
+This option can be set to a function taking one argument, in
+which case that function will be called once for each IP address
+that is found for the target host.  It should return t if TLS
+checks should not be performed for that address.
 
 Make sure you know what you are doing before enabling this
 option."
@@ -204,54 +210,74 @@ nsm-tls-post-check-functions
 RESULTS is an alist where the keys are the checks run and the
 values the results of the checks.")
 
+(defun network-same-subnet-p (local-ip mask ip)
+  "Returns t if IP is in the same subnet as LOCAL-IP/MASK.
+LOCAL-IP, MASK, and IP are specified as vectors of integers, and
+are expected to have the same length.  Works for both IPv4 and
+IPv6 addresses."
+  (let ((matches t)
+        (length (length local-ip)))
+    (unless (memq length '(4 5 8 9))
+      (error "Unexpected length of IP address %S" local-ip))
+    (dotimes (i length)
+      (setq matches (and matches
+                         (=
+                          (logand (aref local-ip i)
+                                  (aref mask i))
+                          (logand (aref ip i)
+                                  (aref mask i))))))
+    matches))
+
 (defun nsm-should-check (host)
   "Determines whether NSM should check for TLS problems for HOST.
 
-If `nsm-trust-local-network' is or returns non-nil, and if the
-host address is a localhost address, a machine address, a direct
-link or a private network address, this function returns
-nil.  Non-nil otherwise."
-  (let* ((address (or (nslookup-host-ipv4 host nil 'vector)
-                      (nslookup-host-ipv6 host nil 'vector)))
-         (ipv4? (eq (length address) 4)))
+If one of HOST's addresses is a localhost address this returns
+nil.
+
+If `nsm-trust-local-network' is t this function will check if any
+of HOST's addresses are in the same subnet as any directly
+connected interfaces, and will return nil if so.
+
+If `nsm-trust-local-network' is a function it will be called once
+for each address of HOST.  If one of those calls returns t then
+`nsm-should-check' will return nil immediately, and processing of
+the HOST's addresses will stop.
+
+Otherwise returns t."
+  (let ((addresses (network-lookup-address-info host)))
     (not
-     (or (if ipv4?
-             (or
-              ;; (0.x.x.x) this machine
-              (eq (aref address 0) 0)
-              ;; (127.x.x.x) localhost
-              (eq (aref address 0) 0))
-           (or
-            ;; (::) IPv6 this machine
-            (not (cl-mismatch address [0 0 0 0 0 0 0 0]))
-            ;; (::1) IPv6 localhost
-            (not (cl-mismatch address [0 0 0 0 0 0 0 1]))))
-         (and (or (and (functionp nsm-trust-local-network)
-                       (funcall nsm-trust-local-network))
-                  nsm-trust-local-network)
-              (if ipv4?
-                  (or
-                   ;; (10.x.x.x) private
-                   (eq (aref address 0) 10)
-                   ;; (172.16.x.x) private
-                   (and (eq (aref address 0) 172)
-                        (eq (aref address 0) 16))
-                   ;; (192.168.x.x) private
-                   (and (eq (aref address 0) 192)
-                        (eq (aref address 0) 168))
-                   ;; (198.18.x.x) private
-                   (and (eq (aref address 0) 198)
-                        (eq (aref address 0) 18))
-                   ;; (169.254.x.x) link-local
-                   (and (eq (aref address 0) 169)
-                        (eq (aref address 0) 254)))
-                (memq (aref address 0)
-                      '(
-                        64512  ;; (fc00::) IPv6 unique local address
-                        64768  ;; (fd00::) IPv6 unique local address
-                        65152  ;; (fe80::) IPv6 link-local
-                        )
-                      )))))))
+     (catch 'trust
+       (dolist (address addresses)
+         (let* ((length (length address))
+                (ipv4? (eq length 4)))
+           (if ipv4?
+               ;; (127.x.x.x) localhost
+               (and (eq (aref address 0) 127)
+                    (throw 'trust t))
+             ;; (::) IPv6 this machine and (::1) IPv6 localhost
+             (and (or (not (cl-mismatch address [0 0 0 0 0 0 0 0]))
+                      (not (cl-mismatch address [0 0 0 0 0 0 0 1]))
+                      (memq (aref address 0)
+                            '(
+                              64512  ;; (fc00::) IPv6 unique local address
+                              64768  ;; (fd00::) IPv6 unique local address
+                              65152  ;; (fe80::) IPv6 link-local
+                              )))
+                  (throw 'trust t)))
+           (cond
+            ((functionp nsm-trust-local-network)
+             (and (funcall nsm-trust-local-network address)
+                  (throw 'trust t)))
+            (nsm-trust-local-network
+             (and
+              (cl-find-if #'(lambda (x)
+                              (network-same-subnet-p (subseq (car x) 0 length)
+                                                     (subseq (caddr x) 0 
length)
+                                                     address))
+                          (map-apply (lambda (a b)
+                                       (network-interface-info a))
+                                     (network-interface-list)))
+              (throw 'trust t))))))))))
 
 (defun nsm-check-tls-connection (process host port status settings)
   "Check TLS connection against potential security problems.
[Prev in Thread]
Current Thread
[Next in Thread]
Re: The netsec thread, (continued)
- Re: The netsec thread, Jimmy Yuen Ho Wong, 2018/07/20
  - Re: The netsec thread, Jimmy Yuen Ho Wong, 2018/07/20
  - Re: The netsec thread, Lars Ingebrigtsen, 2018/07/20
Prev by Date: Re: [Feature Discuss] Nested buffer
Next by Date: Re: [RFC] automatically retrying network connections
Previous by thread: Re: The netsec thread
Next by thread: Re: The netsec thread
Index(es):
- Date
- Thread