From owner-freebsd-security Wed Jan 31 11:30:25 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id LAA02619 for security-outgoing; Wed, 31 Jan 1996 11:30:25 -0800 (PST)
Received: from halloran-eldar.lcs.mit.edu (halloran-eldar.lcs.mit.edu [18.26.0.159]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id LAA02604 for ; Wed, 31 Jan 1996 11:30:19 -0800 (PST)
Received: by halloran-eldar.lcs.mit.edu; (5.65/1.1.8.2/19Aug95-0530PM) id AA00772; Wed, 31 Jan 1996 14:30:09 -0500
Date: Wed, 31 Jan 1996 14:30:09 -0500
From: "Garrett A. Wollman"
Message-Id: <9601311930.AA00772@halloran-eldar.lcs.mit.edu>
To: Paul Traina
Cc: security@freebsd.org
Subject: [cisco.external.bugtraq] Re: BoS: bind() Security Problems
In-Reply-To: <199601311854.KAA05100@puli.cisco.com>
References: <199601311854.KAA05100@puli.cisco.com>
Sender: owner-security@freebsd.org
Precedence: bulk

< said:

> Yuck, I hate to think of what we're going to break when we fix this, but
> we should definitely fix this, otherwise users can hose NFS & friends.

Lots of stuff will get broken. Although, it occurs to me...

It should be possible to require that SO_REUSEPORT be specified on both the original and the duplicate sockets. This way, those programs (like ALL UDP-based servers) for which this is a requirement will still be able to work with a minimum of modification. We can't, however, require any modifications where multicast addresses are involved.

-GAWollman

--
Garrett A. Wollman   | Shashish is simple, it's discreet, it's brief. ...
wollman@lcs.mit.edu  | Shashish is the bonding of hearts in spite of distance.
Opinions not those of| It is a bond more powerful than absence. We like people
MIT, LCS, ANA, or NSA| who like Shashish. - Claude McKenzie + Florent Vollant