[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: The netsec thread
From: |
Robert Pluim |
Subject: |
Re: The netsec thread |
Date: |
Mon, 23 Jul 2018 22:51:21 +0200 |
Eli Zaretskii <address@hidden> writes:
>> From: Robert Pluim <address@hidden>
>> Cc: Emacs-Devel devel <address@hidden>, Eli Zaretskii <address@hidden>
>> Date: Mon, 23 Jul 2018 19:25:48 +0200
>>
>> I still fail to see the real need for it, but I guess Eli has a
>> use-case.
>
> All the computers on my home network is my use case.
You regularly make connections from one machine running emacs to a
different machine on the same subnet using TLS? And you donʼt want to
answer 'a' once per target machine? Iʼll allow it, even if I donʼt
understand it. :-)
Trial implementation attached, based off the netsec branch. I got rid
of all the RFC 1918 stuff, and it allows localhost connections
regardless of the value of nsm-trust-local-network, which Iʼm also not
convinced about.
I do wonder if checking all of the target host's addresses is
overkill, but we can always take that out.
diff --git i/lisp/net/nsm.el w/lisp/net/nsm.el
index b59ea07d8a..682a238cc1 100644
--- i/lisp/net/nsm.el
+++ w/lisp/net/nsm.el
@@ -70,9 +70,15 @@ nsm-trust-local-network
such as attempting to connect to an email server that do not
follow these practices inside a school or corporate network, NSM
may produce warnings for such occasions. Setting this option to
-a non-nil value, or a zero-argument function that returns non-nil
-tells NSM to skip checking for potential TLS vulnerabilities when
-connecting to hosts on a local network.
+a non-nil value tells NSM to skip checking for potential TLS
+vulnerabilities when connecting to hosts on a local network,
+which is determined by inspecting the network addresses of the
+local machine.
+
+This option can be set to a function taking one argument, in
+which case that function will be called once for each IP address
+that is found for the target host. It should return t if TLS
+checks should not be performed for that address.
Make sure you know what you are doing before enabling this
option."
@@ -204,54 +210,74 @@ nsm-tls-post-check-functions
RESULTS is an alist where the keys are the checks run and the
values the results of the checks.")
+(defun network-same-subnet-p (local-ip mask ip)
+ "Returns t if IP is in the same subnet as LOCAL-IP/MASK.
+LOCAL-IP, MASK, and IP are specified as vectors of integers, and
+are expected to have the same length. Works for both IPv4 and
+IPv6 addresses."
+ (let ((matches t)
+ (length (length local-ip)))
+ (unless (memq length '(4 5 8 9))
+ (error "Unexpected length of IP address %S" local-ip))
+ (dotimes (i length)
+ (setq matches (and matches
+ (=
+ (logand (aref local-ip i)
+ (aref mask i))
+ (logand (aref ip i)
+ (aref mask i))))))
+ matches))
+
(defun nsm-should-check (host)
"Determines whether NSM should check for TLS problems for HOST.
-If `nsm-trust-local-network' is or returns non-nil, and if the
-host address is a localhost address, a machine address, a direct
-link or a private network address, this function returns
-nil. Non-nil otherwise."
- (let* ((address (or (nslookup-host-ipv4 host nil 'vector)
- (nslookup-host-ipv6 host nil 'vector)))
- (ipv4? (eq (length address) 4)))
+If one of HOST's addresses is a localhost address this returns
+nil.
+
+If `nsm-trust-local-network' is t this function will check if any
+of HOST's addresses are in the same subnet as any directly
+connected interfaces, and will return nil if so.
+
+If `nsm-trust-local-network' is a function it will be called once
+for each address of HOST. If one of those calls returns t then
+`nsm-should-check' will return nil immediately, and processing of
+the HOST's addresses will stop.
+
+Otherwise returns t."
+ (let ((addresses (network-lookup-address-info host)))
(not
- (or (if ipv4?
- (or
- ;; (0.x.x.x) this machine
- (eq (aref address 0) 0)
- ;; (127.x.x.x) localhost
- (eq (aref address 0) 0))
- (or
- ;; (::) IPv6 this machine
- (not (cl-mismatch address [0 0 0 0 0 0 0 0]))
- ;; (::1) IPv6 localhost
- (not (cl-mismatch address [0 0 0 0 0 0 0 1]))))
- (and (or (and (functionp nsm-trust-local-network)
- (funcall nsm-trust-local-network))
- nsm-trust-local-network)
- (if ipv4?
- (or
- ;; (10.x.x.x) private
- (eq (aref address 0) 10)
- ;; (172.16.x.x) private
- (and (eq (aref address 0) 172)
- (eq (aref address 0) 16))
- ;; (192.168.x.x) private
- (and (eq (aref address 0) 192)
- (eq (aref address 0) 168))
- ;; (198.18.x.x) private
- (and (eq (aref address 0) 198)
- (eq (aref address 0) 18))
- ;; (169.254.x.x) link-local
- (and (eq (aref address 0) 169)
- (eq (aref address 0) 254)))
- (memq (aref address 0)
- '(
- 64512 ;; (fc00::) IPv6 unique local address
- 64768 ;; (fd00::) IPv6 unique local address
- 65152 ;; (fe80::) IPv6 link-local
- )
- )))))))
+ (catch 'trust
+ (dolist (address addresses)
+ (let* ((length (length address))
+ (ipv4? (eq length 4)))
+ (if ipv4?
+ ;; (127.x.x.x) localhost
+ (and (eq (aref address 0) 127)
+ (throw 'trust t))
+ ;; (::) IPv6 this machine and (::1) IPv6 localhost
+ (and (or (not (cl-mismatch address [0 0 0 0 0 0 0 0]))
+ (not (cl-mismatch address [0 0 0 0 0 0 0 1]))
+ (memq (aref address 0)
+ '(
+ 64512 ;; (fc00::) IPv6 unique local address
+ 64768 ;; (fd00::) IPv6 unique local address
+ 65152 ;; (fe80::) IPv6 link-local
+ )))
+ (throw 'trust t)))
+ (cond
+ ((functionp nsm-trust-local-network)
+ (and (funcall nsm-trust-local-network address)
+ (throw 'trust t)))
+ (nsm-trust-local-network
+ (and
+ (cl-find-if #'(lambda (x)
+ (network-same-subnet-p (subseq (car x) 0 length)
+ (subseq (caddr x) 0
length)
+ address))
+ (map-apply (lambda (a b)
+ (network-interface-info a))
+ (network-interface-list)))
+ (throw 'trust t))))))))))
(defun nsm-check-tls-connection (process host port status settings)
"Check TLS connection against potential security problems.
- Re: The netsec thread, (continued)
- Re: The netsec thread, Eli Zaretskii, 2018/07/23
- Re: The netsec thread, Jimmy Yuen Ho Wong, 2018/07/23
- Re: The netsec thread, Robert Pluim, 2018/07/23
- Re: The netsec thread, Jimmy Yuen Ho Wong, 2018/07/23
- Re: The netsec thread, Robert Pluim, 2018/07/23
- Re: The netsec thread, Eli Zaretskii, 2018/07/23
- Re: The netsec thread,
Robert Pluim <=
- Re: The netsec thread, Lars Ingebrigtsen, 2018/07/23
- Re: The netsec thread, Jimmy Yuen Ho Wong, 2018/07/23
- Re: The netsec thread, Lars Ingebrigtsen, 2018/07/23
- Re: The netsec thread, Jimmy Yuen Ho Wong, 2018/07/23
- Re: The netsec thread, Noam Postavsky, 2018/07/23
- Re: The netsec thread, Lars Ingebrigtsen, 2018/07/23
- Re: The netsec thread, Andreas Schwab, 2018/07/23
Re: The netsec thread, Jimmy Yuen Ho Wong, 2018/07/20