diff options
| author | Wladimir J. van der Laan <laanwj@gmail.com> | 2018-11-22 10:51:39 +0100 |
|---|---|---|
| committer | Wladimir J. van der Laan <laanwj@gmail.com> | 2018-11-22 10:53:16 +0100 |
| commit | e77a2258e4daff20202178bba6b9fb8c757823de (patch) | |
| tree | a36f683ea7b0d388bf8e6c6d470b7923e554f93f /contrib/devtools/copyright_header.py | |
| parent | e736b67467ef98c195eb0fa073f539a2613333be (diff) | |
| parent | 27c44ef9c61f64d941ab82ec232a68141a2fde90 (diff) | |
Merge #14532: Never bind INADDR_ANY by default, and warn when doing so explicitly
27c44ef9c61f64d941ab82ec232a68141a2fde90 rpcbind: Warn about exposing RPC to untrusted networks (Luke Dashjr)
d6a1287481428d982dc03be3a6d9aeef8398f468 CNetAddr: Add IsBindAny method to check for INADDR_ANY (Luke Dashjr)
3615003952ffbc814bdb53d9d0e45790f152bd2f net: Always default rpcbind to localhost, never "all interfaces" (Luke Dashjr)
Pull request description:
A disturbingly large number of listening nodes appear to be also exposing their RPC server to the public internet. To attempt to mitigate this:
* Only ever bind localhost by default, even if `rpcallowip` is specified. (A warning is given if `rpcallowip` is specified without `rpcbind`, since it doesn't really make sense to do.)
* Warn about exposing the RPC server to untrusted networks if the user explicitly binds to any INADDR_ANY address.
* Include a warning about untrusted networks in the `--help` documentation for `rpcbind`.
Tree-SHA512: 755bbca3db416a31393672eccf6675a5ee4d1eb1812cba73ebb4ff8c6b855ecc5df4c692566e9aa7b0f7d4dce6fedb9c0e9f3c265b9663aca36c4a6ba5efdbd4
Diffstat (limited to 'contrib/devtools/copyright_header.py')
0 files changed, 0 insertions, 0 deletions