From 81f2c1354189592dd1f099faea8eb4aeb09d5d10 Mon Sep 17 00:00:00 2001
From: Antonio Terceiro
Date: Sun, 19 Jul 2015 12:05:53 -0300
Subject: [PATCH] forward_ports: bind to localhost only by default

This has been raised as security concern on vagrant itself, and fixed there some time ago.
---
 lib/vagrant-lxc/action/forward_ports.rb | 4 +++-
 spec/unit/action/forward_ports_spec.rb | 16 ++++++++--------
 2 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/lib/vagrant-lxc/action/forward_ports.rb b/lib/vagrant-lxc/action/forward_ports.rb
index 0d25da0..4e472fd 100644
--- a/lib/vagrant-lxc/action/forward_ports.rb
+++ b/lib/vagrant-lxc/action/forward_ports.rb
@@ -67,7 +67,9 @@ module Vagrant
 # TODO: Deprecate this behavior of "automagically" skipping ssh forwarded ports
 if type == :forwarded_port && options[:id] != 'ssh'
- options.delete(:host_ip) if options.fetch(:host_ip, '').to_s.strip.empty?
+ if options.fetch(:host_ip, '').to_s.strip.empty?
+ options[:host_ip] = '127.0.0.1'
+ end
 mappings[options[:host]] = options
 end
 end
diff --git a/spec/unit/action/forward_ports_spec.rb b/spec/unit/action/forward_ports_spec.rb
index 4109891..09f6d78 100644
--- a/spec/unit/action/forward_ports_spec.rb
+++ b/spec/unit/action/forward_ports_spec.rb
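Review bot: In lib/vagrant-lxc/action/forward_ports.rb the new `options[:host_ip] = '127.0.0.1'` default has no comment explaining why it is there, and the patch (two files in the diffstat) carries no changelog or README entry for what is a behaviour change: forwards that were previously started without `--laddr`, and so presumably listened on every host interface, become loopback-only. I would add a why-comment above the `if`, for example `# Default to loopback so forwarded ports are not exposed on every host interface; set host_ip explicitly to bind elsewhere.`, and document the explicit `host_ip` setting for users who relied on the old reachability. The literal covers IPv4 loopback only, so a client that resolves `localhost` to `::1` will presumably not reach the forward; that is worth a line in the same documentation. The enclosing method starts and ends outside the hunk.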
@@ -38,21 +38,21 @@ describe Vagrant::LXC::Action::ForwardPorts do
 )
 end
- it 'skips --laddr parameter if host_ip is nil' do
+ it 'Uses 127.0.0.1 as default if host_ip is nil' do
 forward_conf.delete(:host_ip)
 subject.stub(system: true)
 subject.call(env)
 expect(subject).to have_received(:spawn).with(
- "redir --lport=#{host_port} --caddr=#{container_ip} --cport=#{guest_port} 2>/dev/null"
+ "redir --laddr=127.0.0.1 --lport=#{host_port} --caddr=#{container_ip} --cport=#{guest_port} 2>/dev/null"
 )
 end
- it 'skips --laddr parameter if host_ip is a blank string' do
+ it 'Uses 127.0.0.1 by default if host_ip is a blank string' do
 forward_conf[:host_ip] = ' '
 subject.stub(system: true)
 subject.call(env)
 expect(subject).to have_received(:spawn).with(
- "redir --lport=#{host_port} --caddr=#{container_ip} --cport=#{guest_port} 2>/dev/null"
+ "redir --laddr=127.0.0.1 --lport=#{host_port} --caddr=#{container_ip} --cport=#{guest_port} 2>/dev/null"
 )
 end
@@ -86,21 +86,21 @@ describe Vagrant::LXC::Action::ForwardPorts do
 )
 end
- it 'skips --laddr parameter if host_ip is nil' do
+ it 'Uses 127.0.0.1 by default if host_ip is nil' do
 forward_conf.delete(:host_ip)
 subject.stub(system: true)
 subject.call(env)
 expect(subject).to have_received(:spawn).with(
- "sudo redir --lport=#{host_port} --caddr=#{container_ip} --cport=#{guest_port} 2>/dev/null"
+ "sudo redir --laddr=127.0.0.1 --lport=#{host_port} --caddr=#{container_ip} --cport=#{guest_port} 2>/dev/null"
 )
 end
- it 'skips --laddr parameter if host_ip is a blank string' do
+ it 'Uses 127.0.0.1 by default if host_ip is a blank string' do
 forward_conf[:host_ip] = ' '
 subject.stub(system: true)
 subject.call(env)
 expect(subject).to have_received(:spawn).with(
- "sudo redir --lport=#{host_port} --caddr=#{container_ip} --cport=#{guest_port} 2>/dev/null"
+ "sudo redir --laddr=127.0.0.1 --lport=#{host_port} --caddr=#{container_ip} --cport=#{guest_port} 2>/dev/null"
 )
 end
 end
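Review bot: The four renamed examples are worded inconsistently: the first reads 'Uses 127.0.0.1 as default' while the other three (the second one here and both in the `@@ -86,21` hunk) read 'by default', and all of them capitalise 'Uses' where the descriptions they replace started lowercase; `it 'uses 127.0.0.1 by default if host_ip is nil' do` would match the rest of the file's visible style. Neither hunk shows an example asserting that an explicit non-loopback `host_ip` is still passed to `--laddr` unchanged; if the examples outside the hunks do not already pin that (I cannot tell from here), one is worth adding so the new default cannot silently override a bind address the user chose. Both `describe` bodies continue outside the hunks.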