Date: Thu, 1 Feb 1996 15:39:05 +0100 (MET)
From: Guido van Rooij <Guido.vanRooij@nl.cis.philips.com>
To: wollman@lcs.mit.edu (Garrett A. Wollman)
Cc: pst@cisco.com, security@freebsd.org
Subject: Re: [cisco.external.bugtraq] Re: BoS: bind() Security Problems
Message-ID: <199602011439.PAA18233@spooky.lss.cp.philips.com>
In-Reply-To: <9601311930.AA00772@halloran-eldar.lcs.mit.edu> from "Garrett A. Wollman" at Jan 31, 96 02:30:09 pm

Garrett A. Wollman wrote:
>
> <<On Wed, 31 Jan 1996 10:54:27 -0800, Paul Traina <pst@cisco.com> said:
>
> > Yuck, I hate to think of what we're going to break when we fix this, but
> > we should definitely fix this, otherwise users can hose NFS & friends.
>
> Lots of stuff will get broken.  Although, it occurs to me...
>
> It should be possible to require that SO_REUSEPORT be specified on
> both the original and the duplicate sockets.  This way, those programs
> (like ALL UDP-based servers) for which this is a requirement will
> still be able to work with a minimum of modification.  We can't,
> however, require any modifications where multicast addresses are
> involved.

Wouldn't it be reasonable to require that the process trying to bind to
an already used port has the same effective uid as the original binder?
I think this can be checked via the socket that corresponds to the pcb,
via its pgid pointer. Of course indeed not in multicast mode.

-Guido
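Added example, not part of the original message and not FreeBSD kernel code: a user-space model of the two rules proposed in this exchange (SO_REUSEPORT on both sockets, same effective uid), with multicast left alone. The struct, the function names and the sample sockets are hypothetical, and treating a multicast bind as always allowed is a modelling assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical user-space model of a bound socket; not the FreeBSD inpcb. */
struct bound_sock {
    uint32_t laddr;      /* local IPv4 address, host byte order; 0 = wildcard */
    uint16_t lport;      /* local port */
    bool     reuseport;  /* SO_REUSEPORT set on this socket */
    unsigned euid;       /* effective uid of the process that bound it */
};

#define ADDR_ANY 0u

/* 224.0.0.0/4 is the IPv4 multicast range. */
static bool is_multicast(uint32_t a) { return (a >> 28) == 0xEu; }

/* Two local addresses compete for the same packets if they are equal or
 * if either one is the wildcard. */
static bool addrs_overlap(uint32_t a, uint32_t b)
{
    return a == b || a == ADDR_ANY || b == ADDR_ANY;
}

/* Return true if `req` may bind although `old` already holds the port.
 * Assumption: a multicast bind gets no extra requirement in this model. */
bool bind_allowed(const struct bound_sock *old, const struct bound_sock *req)
{
    if (old->lport != req->lport || !addrs_overlap(old->laddr, req->laddr))
        return true;                    /* no conflict at all */
    if (is_multicast(req->laddr))
        return true;                    /* multicast: rules not applied */
    if (!old->reuseport || !req->reuseport)
        return false;                   /* both sockets must opt in */
    return old->euid == req->euid;      /* and belong to the same user */
}

int main(void)
{
    /* Constructed sample sockets: a root-owned UDP server on the wildcard. */
    struct bound_sock srv  = { ADDR_ANY,    2049, true, 0 };
    struct bound_sock usr  = { 0xC000020Au, 2049, true, 1001 }; /* 192.0.2.10 */
    struct bound_sock twin = { ADDR_ANY,    2049, true, 0 };
    printf("other user, specific address: %d\n", bind_allowed(&srv, &usr));
    printf("same user, second socket:     %d\n", bind_allowed(&srv, &twin));
    return 0;
}
```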