From owner-freebsd-security Fri Mar 28 09:57:25 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id JAA24022 for security-outgoing; Fri, 28 Mar 1997 09:57:25 -0800 (PST)
Received: from enteract.com (root@enteract.com [206.54.252.1]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id JAA24017 for ; Fri, 28 Mar 1997 09:57:23 -0800 (PST)
Received: (from tqbf@localhost) by enteract.com (8.8.5/8.7.6) id LAA22483; Fri, 28 Mar 1997 11:56:42 -0600 (CST)
From: "Thomas H. Ptacek"
Message-Id: <199703281756.LAA22483@enteract.com>
Subject: Re: Privileged ports...
To: marcs@znep.com (Marc Slemko)
Date: Fri, 28 Mar 1997 11:56:40 -0600 (CST)
Cc: tqbf@enteract.com, freebsd-security@FreeBSD.ORG
Reply-To: tqbf@enteract.com
In-Reply-To: from "Marc Slemko" at Mar 28, 97 02:25:53 am
X-Mailer: ELM [version 2.4 PL24 ME8a]
Content-Type: text
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> OpenBSD has the following in netinet/in_pcb.c:

[ elided ]

> To emphasize; right now, anyone can steal any connections going
> to an unprivileged port that inetd listens on, unless you use something
> like the -a option to inetd. That is bad. I think something
> resembling the above OpenBSD change is a good idea. Anyone?

Isn't FreeBSD already doing a PCB lookup on attempts to bind specific
ports? Right under the privileged port check, it tries to find a PCB for
the sockaddr passed to bind(), and checks it for SO_REUSEPORT. You could
just stick the UID check in there, at no PCB lookup cost, neh?

What are the ramifications of enforcing a UID check on a socket address
bound REUSEPORT, incidentally?

----------------
Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf@enteract.com]
----------------
"If you're so special, why aren't you dead?"
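
Added example, not part of the original message and not FreeBSD or OpenBSD kernel source: a simplified userland C model of the bind-time check discussed above, with the UID comparison placed right after the PCB lookup that the conflict check already performs. The struct layout, the root exemption, the rule that both sockets must set SO_REUSEPORT, and the sample table are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

struct pcb {            /* stand-in for a protocol control block */
    uint32_t laddr;     /* bound local address, 0 = wildcard */
    uint16_t lport;     /* bound local port */
    int reuseport;      /* owning socket has SO_REUSEPORT set */
    unsigned uid;       /* owner of the socket */
};

/* Constructed sample table: a root-owned listener and a user-owned one. */
static const struct pcb sample_tbl[] = {
    { 0, 8080, 1, 0 },
    { 0, 6000, 1, 1001 },
};

/* The lookup bind() performs anyway: first PCB overlapping addr/port. */
static const struct pcb *pcb_lookup(const struct pcb *t, size_t n,
                                    uint32_t laddr, uint16_t lport)
{
    for (size_t i = 0; i < n; i++)
        if (t[i].lport == lport &&
            (t[i].laddr == laddr || t[i].laddr == 0 || laddr == 0))
            return &t[i];
    return NULL;
}

/* Returns 0 or an errno value. check_uid toggles the proposed owner test. */
int model_bind(const struct pcb *tbl, size_t n, uint32_t laddr, uint16_t lport,
               int reuseport, unsigned uid, int check_uid)
{
    if (lport < 1024 && uid != 0)
        return EACCES;                 /* privileged port check */
    const struct pcb *t = pcb_lookup(tbl, n, laddr, lport);
    if (t == NULL)
        return 0;                      /* nothing bound there yet */
    if (check_uid && uid != 0 && uid != t->uid)
        return EADDRINUSE;             /* assumed rule: other owner, not root */
    if (!(t->reuseport && reuseport))
        return EADDRINUSE;             /* both sides must ask for sharing */
    return 0;
}

int main(void)
{
    printf("uid 1001 -> 8080, no uid check: %d\n", model_bind(sample_tbl, 2, 0, 8080, 1, 1001, 0));
    printf("uid 1001 -> 8080, uid check:    %d\n", model_bind(sample_tbl, 2, 0, 8080, 1, 1001, 1));
}
```

In this model, enabling the check also stops two different non-root users from sharing a port through SO_REUSEPORT, which is one consequence relevant to the question the message closes on.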