
Bug#813471: network access to the loopback device should be allowed
Simon McVittie writes ("Re: Bug#813471: network access to the loopback device should be allowed"):
> On Thu, 10 May 2018 at 17:51:19 +0100, Ian Jackson wrote:
> > Yes, assuming that it uses gethostbyname() from the libc.
> 
> When you say gethostbyname() I hope you're using that as shorthand
> for anything that goes through the libc nsswitch mechanism, like
> gethostbyname(), getaddrinfo(), `getent hosts` and so on? (gethostbyname()
> is deprecated in favour of getaddrinfo(), because it isn't thread-safe
> and can't return a mixture of IPv4 and IPv6 addresses.)

Yes, sorry.

> > > - yes, but only if it Build-Depends on libnss-myhostname and/or netbase
> > 
> > I don't know what these things are but I think an system being used
> > for builds ought to contain an /etc/hosts giving an IP address for
> > `localhost' and enough libc to read it via gethostbyname().
> 
> libnss-myhostname is [...]

Thanks for the information.

> netbase is the Priority: important package that owns files like
> /etc/services, and it creates a minimal /etc/hosts (localhost and related
> names) in its postinst. For systems installed with d-i, I think d-i
> is also involved in the creation of /etc/hosts (it adds the configured
> hostname as in the section of hostname(1) that you cited), but not all
> systems were installed with d-i, particularly minimal chroots.

Right.

> > I think `resolve $(hostname)' is a bit ambiguous.
> 
> Sorry, what I meant is: take the result of gethostname(), and pass it to
> libc resolver calls like gethostbyname() or getaddrinfo().

Right.

> > > At the moment, schroot/sbuild is very likely to make both localhost and
> > > $(hostname) resolvable (/etc/hosts from the host system is copied into
> > > the chroot, and that file is not strictly guaranteed to make localhost or
> > > $(hostname) resolvable but probably does), but pbuilder with its default
> > > USENETWORK=no configuration does not necessarily have a hosts file or a
> > > working resolv.conf. dbus currently FTBFS on reproducible-builds (#897662)
> > > because one of its automated tests assumes localhost is resolvable.
> > 
> > I think this is a bug in pbuilder.
> 
> Correction, schroot/sbuild *might* copy in /etc/hosts, but it might not:
> as well as /etc/hosts being a configuration file on the host, the list
> of files to copy is configurable in each schroot "profile". By default,
> the sbuild profile only copies in /etc/resolv.conf, whereas the buildd
> profile additionally copies /etc/hosts and /etc/networks. I think official
> Debian buildds use the buildd profile, while developers are encouraged
> to use the sbuild profile.
> 
> This seems increasingly like a trap, with no particular guarantees
> currently given to software running in the chroot...

I think we should document that the relevant entries in hosts are
mandatory for builds, and fix whatever cases are currently broken
(probably by adding netbase to build-essential).

> > I think it must be part of the basic API for a build environment.  I'm
> > a bit surprised that netbase isn't build-essential.  Certainly IMO an
> > /etc/hosts with the entries you describe above should be implied by
> > build-essential, one way or another.
> 
> The rest of netbase is fairly niche (I suspect few packages need
> /etc/protocols or /etc/rpc, and most of the packages that depend on it
> do so because they want /etc/services), but it happens to be one of the
> few ways to guarantee that you have some sort of /etc/hosts.

I just got told that one of my packages does not build in some weird
environment where /etc/protocols is missing, because the test suite
does not stub out getprotobyname.  I'm going to take the promised
patch to remove the call to getprotobyname, but because it makes the
code simpler and not because I think it is sensible to do builds on a
machine with no /etc/protocols.

Your observations lead me to conclude that /etc/services is another
good reason why netbase ought to be present in build environments.

HTH.

Ian.

-- 
Ian Jackson <ijackson@chiark.greenend.org.uk>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
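As an added example (not from this bug thread, nor from netbase, sbuild or any other Debian package), a small Python checker for the assumptions the thread discusses: it parses a hosts file to see whether `localhost` and the build host's own name would resolve from it, and separately asks the running libc resolver and the netbase-backed databases the same questions a build's test suite might ask. The sample hosts content and the name `buildhost` are constructed for the example.

```python
import socket
from typing import Dict, List
# Constructed sample: the loopback lines netbase's postinst creates, plus the
# hostname line d-i adds. Not copied from any real system.
SAMPLE_HOSTS = """\
127.0.0.1\tlocalhost
::1\t\tlocalhost ip6-localhost ip6-loopback
127.0.1.1\tbuildhost.example buildhost  # added by d-i
"""

def parse_hosts(text: str) -> Dict[str, List[str]]:
    """Map each name in a hosts file (lower-cased) to its address list."""
    names: Dict[str, List[str]] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        addr, *aliases = line.split()
        for name in aliases:
            names.setdefault(name.lower(), []).append(addr)
    return names

def hosts_file_gaps(text: str, hostname: str) -> List[str]:
    """Names the file would NOT make resolvable, from the set the thread
    treats as mandatory: localhost over IPv4 and IPv6, and gethostname()."""
    names = parse_hosts(text)
    gaps = []
    if "127.0.0.1" not in names.get("localhost", []):
        gaps.append("localhost (IPv4)")
    if "::1" not in names.get("localhost", []):
        gaps.append("localhost (IPv6)")
    if hostname.lower() not in names:       # short name or FQDN, as given
        gaps.append(hostname)
    return gaps

def live_environment_check(hostname: str = socket.gethostname()) -> Dict[str, bool]:
    """Ask the running libc (nsswitch, /etc/hosts, /etc/protocols,
    /etc/services) the questions a build's test suite might ask."""
    def ok(call, *args) -> bool:
        try:
            call(*args)
            return True
        except OSError:                     # gaierror is a subclass
            return False
    return {
        "localhost resolves": ok(socket.getaddrinfo, "localhost", None),
        "hostname resolves": ok(socket.getaddrinfo, hostname, None),
        "getprotobyname(tcp)": ok(socket.getprotobyname, "tcp"),
        "getservbyname(http)": ok(socket.getservbyname, "http"),
    }
```

Running `hosts_file_gaps` over an empty string models the default sbuild profile, which copies in only /etc/resolv.conf; `live_environment_check()` is what to run inside a chroot to see which of the assumptions actually hold there.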
