From owner-freebsd-security Thu Feb 1 06:41:05 1996
From: Guido van Rooij
Message-Id: <199602011439.PAA18233@spooky.lss.cp.philips.com>
Subject: Re: [cisco.external.bugtraq] Re: BoS: bind() Security Problems
To: wollman@lcs.mit.edu (Garrett A. Wollman)
Date: Thu, 1 Feb 1996 15:39:05 +0100 (MET)
Cc: pst@cisco.com, security@freebsd.org
In-Reply-To: <9601311930.AA00772@halloran-eldar.lcs.mit.edu> from "Garrett A. Wollman" at Jan 31, 96 02:30:09 pm
Reply-To: Guido.vanRooij@nl.cis.philips.com (Guido van Rooij)
Sender: owner-security@freebsd.org

Garrett A. Wollman wrote:
>
> < said:
>
> > Yuck, I hate to think of what we're going to break when we fix this, but
> > we should definitely fix this, otherwise users can hose NFS & friends.
>
> Lots of stuff will get broken. Although, it occurs to me...
>
> It should be possible to require that SO_REUSEPORT be specified on
> both the original and the duplicate sockets. This way, those programs
> (like ALL UDP-based servers) for which this is a requirement will
> still be able to work with a minimum of modification. We can't,
> however, require any modifications where multicast addresses are
> involved.

Wouldn't it be reasonable to require that the process trying to bind to
an already used port has the same effective uid as the original binder?
I think this can be checked via the socket that corresponds to the pcb,
via its pgid pointer. Of course indeed not in multicast mode.

-Guido
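
Added example (not part of the original message and not FreeBSD kernel code): a small C model of the bind() conflict check with both restrictions proposed in this thread, SO_REUSEPORT on both sockets and a matching effective uid, with multicast addresses exempt. `struct model_pcb`, `bind_allowed` and the stored `euid` field are hypothetical names chosen for illustration, and the sample bindings are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical, simplified stand-in for a pcb; not the kernel's struct inpcb. */
struct model_pcb {
    uint32_t laddr;     /* local IPv4 address, host byte order; 0 = wildcard */
    uint16_t lport;     /* local port */
    bool     reuseport; /* SO_REUSEPORT was set before bind() */
    uid_t    euid;      /* effective uid of the binder (assumed recorded at bind) */
};

static bool is_multicast(uint32_t a) { return (a >> 28) == 0xE; } /* 224.0.0.0/4 */

/* Two bindings compete when ports match and the addresses match or one is wildcard. */
static bool overlaps(const struct model_pcb *a, const struct model_pcb *b)
{
    return a->lport == b->lport &&
           (a->laddr == 0 || b->laddr == 0 || a->laddr == b->laddr);
}

/* True if `nw` may bind alongside the n existing bindings in `tab`. */
bool bind_allowed(const struct model_pcb *tab, int n, const struct model_pcb *nw)
{
    for (int i = 0; i < n; i++) {
        const struct model_pcb *old = &tab[i];
        if (!overlaps(old, nw))
            continue;
        if (is_multicast(old->laddr) || is_multicast(nw->laddr))
            continue;                      /* multicast: exempt in both posts */
        if (!old->reuseport || !nw->reuseport)
            return false;                  /* SO_REUSEPORT required on both sockets */
        if (old->euid != nw->euid)
            return false;                  /* same effective uid required */
    }
    return true;
}

int main(void)
{
    /* Constructed sample: a root-owned UDP service on port 2049. */
    struct model_pcb srv[] = { { 0, 2049, false, 0 } };
    struct model_pcb usr = { 0xC0000201, 2049, true, 1001 }; /* 192.0.2.1 */
    printf("unprivileged duplicate bind allowed: %d\n", bind_allowed(srv, 1, &usr));
    return 0;
}
```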