Skip to content

security: only accept inbound connections from the configured host#32

Open
pankaj512 wants to merge 2 commits into
lucky-verma:mainfrom
pankaj512:security/inbound-host-restriction
Open

security: only accept inbound connections from the configured host#32
pankaj512 wants to merge 2 commits into
lucky-verma:mainfrom
pankaj512:security/inbound-host-restriction

Conversation

@pankaj512

Copy link
Copy Markdown

Summary

The client listened on all interfaces and accepted any inbound TCP connection, gated solely by knowledge of the shared key. On an untrusted network (public Wi-Fi) or a shared LAN, any host that could reach the port could attempt the key handshake and, on success, inject keyboard/mouse input.

Change

ListenAndAccept now takes the configured host (cfg.Host) and rejects inbound connections whose source IP does not match it (isAllowedPeer). The client only ever talks to one peer, so this closes the "anyone on the network can knock" door while the key remains the authentication secret.

  • Host may be an IP literal or a hostname (resolved via DNS to tolerate DHCP changes).
  • An empty host disables the check.
  • Outbound connection is unchanged, so normal use needs no new configuration — it reuses the host you already set.

Compatibility

  • No new config fields or flags. Existing setups keep working; inbound connections from the configured Windows host are still accepted.

Docs

  • Adds a Security section to the README (trusted-peer behavior, firewall guidance, key secrecy, and the non-authenticated-transport caveat).

Scope

  • internal/network/client.go, cmd/mwb/main.go, internal/network/client_test.go, README.md.
  • New unit test TestIsAllowedPeer covering match/mismatch, loopback rejection, IPv6, and the disabled case.

Testing

  • go build ./..., go vet ./..., and go test ./... all pass.

The client listened on all interfaces and accepted any inbound TCP connection,
gated solely by knowledge of the shared key. On an untrusted network (public
Wi-Fi) or a shared LAN, any host that could reach the port could attempt the
key handshake and, on success, inject keyboard/mouse input.

ListenAndAccept now takes the configured host (cfg.Host) and rejects inbound
connections whose source IP does not match it (isAllowedPeer). The host may be
an IP literal or a hostname (resolved to handle DHCP changes); an empty value
disables the check. Outbound connect is unchanged, so normal use needs no new
config. Adds TestIsAllowedPeer covering match/mismatch, loopback, IPv6, and the
disabled case.
Documents the trusted-peer behavior (inbound connections accepted only from the
configured host), firewall guidance, key secrecy, and the non-authenticated
transport caveat.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant