From: "Theo de Raadt" <deraadt@openbsd.org>
Subject: Re: netstat(1): get rid of inet_aton
To: tech <tech@openbsd.org>
Date: Sun, 11 Aug 2024 16:34:20 -0600

Kirill A. Korinsky <kirill@korins.ky> wrote:

> On Sun, 11 Aug 2024 18:00:03 +0200,
> Florian Obser <florian@openbsd.org> wrote:
> > 
> > localhost is just a weird spelling for 127.0.0.1...
> >
> > I'm not entirely sure how to tickle this code though.
> > 
> > OK?
> > 
> > diff --git inet.c inet.c
> > index 88d37be055e..a6c0a4b8282 100644
> > --- inet.c
> > +++ inet.c
> > @@ -813,7 +813,6 @@ static char *
> >  getrpcportnam(in_port_t port, int proto)
> >  {
> >  	struct sockaddr_in server_addr;
> > -	struct hostent *hp;
> >  	static struct pmaplist *head;
> >  	int socket = RPC_ANYSOCK;
> >  	struct timeval minutetimeout;
> > @@ -828,11 +827,7 @@ getrpcportnam(in_port_t port, int proto)
> >  		first = 1;
> >  		memset(&server_addr, 0, sizeof server_addr);
> >  		server_addr.sin_family = AF_INET;
> > -		if ((hp = gethostbyname("localhost")) != NULL)
> > -			memmove((caddr_t)&server_addr.sin_addr, hp->h_addr,
> > -			    hp->h_length);
> > -		else
> > -			(void) inet_aton("0.0.0.0", &server_addr.sin_addr);
> > +		(void) inet_pton(AF_INET, "127.0.0.1", &server_addr.sin_addr);
> >  
> >  		minutetimeout.tv_sec = 60;
> >  		minutetimeout.tv_usec = 0;
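
Review bot: on the added `(void) inet_pton(AF_INET, "127.0.0.1", &server_addr.sin_addr);` line, the address is a compile-time constant, so the run-time string parse and the discarded return value can both go: `server_addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);` sets the same address with no call whose result has to be ignored. Separately, the removed lines looked up "localhost" through gethostbyname() and fell back to 0.0.0.0 when that failed, while the replacement always uses 127.0.0.1; that behaviour change deserves a sentence in the commit message, since the subject only mentions inet_aton.
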
> >
> 
> The current code handles the case where localhost is 127.0.0.2 and
> /etc/hosts has relevant records.
> 
> As far as I can see in RFC 1122 and 6890, any address from 127.0.0.0/8 can
> be used as a loopback.
> 
> Am I missing the place where 127.0.0.1 is required to be the only possible
> localhost address?

That is bullshit.

I'm not going to begin starting a list of what can go wrong.

The only approved address is 127.0.0.1 and if you choose to configure
your system with any I *PRAY* you miss some interaction and you get
holed and all your money gets stolen.

If you insist on running systems which are so flexible that anything and
everything can go wrong, please go RUN SOMETHING ELSE WHICH LETS YOU,
and stay away from OpenBSD where we will always choose the strictest or
safest interpretations.

I hope that is a firm enough statement that this is over.