Issue Details (XML | Word | Printable)

Key: CORE-2087
Type: Bug Bug
Status: Closed Closed
Resolution: Fixed
Priority: Major Major
Assignee: Alexander Peshkov
Reporter: Cosmin Apreutesei
Votes: 0
Watchers: 1
Operations

If you were logged in you would be able to see more operations.
Firebird Core

RemoteBindAddress = hostname instead of IP address is silently ignored and server binds to all interfaces (nothing in the firebird.log nor syslog)

Created: 17/Sep/08 09:04 AM   Updated: 12/Mar/09 06:10 PM
Component/s: None
Affects Version/s: 2.1.1
Fix Version/s: 2.1.2, 2.5 Beta 1

Time Tracking:
Not Specified

Environment: linux 32bit, firebird super server.
Issue Links:
Depend
 

Planning Status: Unspecified


 Description  « Hide
netstat -l shows *:3050 LISTEN and I am able to connect from any interface, even though I specified RemoteBindAdress to just one hostname.

Is giving hostname not supported for this option, and thus this behavior expected (but at least an error in syslog would be nice) ?



 All   Comments   Work Log   Change History   Version Control   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
Alexander Peshkov added a comment - 17/Sep/08 09:21 AM
Giving hostname is not supported for this option.
But certainly listening to all interfaces in case of user error is not correct behavior. I will take a look, what can be done in this case. Suppose writing a message in a log file and listening only at 127.0.0.1 will be correct behavior.

Dmitry Yemanov added a comment - 17/Sep/08 01:07 PM
I think the usual behavior to deal with wrongly specified config option is to log this fact and use a default value instead. In our case, the default value means listening to all interfaces available. So I'm not really convinced this is a bug.

Alexander Peshkov added a comment - 18/Sep/08 03:49 AM - edited
I'm agreed in most cases we go this way. But this is a security issue - if we use default value, server listens on all interfaces, which is IMO not secure behavior - imagine one of them is external interface. Yes, we must log an error - but who reads log when software works? It's much safer to use localhost interface in this case. BTW, a lot of daemons (like bind, for example) do not listen on any interface when misconfigured. Or do not start at all.

I also suggest to add host name resolution for a value, read from firebird.conf. Looks like it's trivial improvement.

Dmitry Yemanov added a comment - 18/Sep/08 06:27 AM
OK, agreed. However:

> I also suggest to add host name resolution for a value, read from firebird.conf.

And what network card do you suggest to bind the listener then, provided that we're speaking about a multi-homed host?

Alexander Peshkov added a comment - 18/Sep/08 06:51 AM
Different interfaces on single host may have different host names. I've configured my box in this way to test this feature.

Cosmin Apreutesei added a comment - 18/Sep/08 02:36 PM - edited
Standard behavior of unix servers is to throw parsing and initialization errors to stderr and syslog and refuse to start (the idea is not to assume unintended behavior-- i.e. even if the server falls back to default behavior, it's still contrary to user's expectation or intuition of what happened).

In the case address binding is configured with hostnames instead of IP addresses, the success of server start/restart could be then bound to the availability of a DNS server (assuming gethostbyname will only be called on server startup, and only once). Apache for instance has an entire documentation page dedicated to the issue (http://httpd.apache.org/docs/2.2/dns-caveats.html). Regardless of their warnings, I still consider using hostnames instead of IP addresses a good practice as it keeps IP address allocation issues away from servers' config files.

Just my 2cents.

Alexander Peshkov added a comment - 19/Sep/08 05:23 AM
Not starting server at all is certainly the simplest thing which may be done when it's misconfigured. But in most cases we try to avoid such serious answers to configuration error, and for unusable bind address I see only one safe answer - listen at 127.0.0.1. Startup failure is bad answer - when used on windows, server also can listen to WNET/XNET connections (why not let it start for that protocols), and having different behavior on different OS's is not good when can be easily avoided.

What about use of hostname instead of IP address - well, I see no problems improving this feature in 2.5.

Alexander Peshkov added a comment - 22/Sep/08 11:45 AM
Traditionally we use default value in case of errors in firebird.conf. But for some entries this is unsafe - for example, in this case instead of listen all it's much better to bind 127.0.0.1.

Cosmin Apreutesei added a comment - 12/Mar/09 06:10 PM
You can test the safety of this protocol in real life. Whenever you forget your wrist watch and someone asks you what time it is, just say it's exactly midnight, 00:00 :) Or, how would you like if your GPS software would default the destination for you when you input a non-existent one :) I can go like this forever.

Defaults are not safe, just annoying, and go counter to user's expectation. I promise to drop a line on this "fixed" request whenever this will bite me again :) The safe answer when you can't compute the answer to a question is an honest 'I don't know'.