Date: Thu, 01 Feb 1996 12:27:14 -0800 From: Paul Traina <pst@shockwave.com> To: Guido.vanRooij@nl.cis.philips.com (Guido van Rooij) Cc: wollman@lcs.mit.edu (Garrett A. Wollman), security@freebsd.org Subject: Re: [cisco.external.bugtraq] Re: BoS: bind() Security Problems Message-ID: <199602012027.MAA01487@precipice.shockwave.com> In-Reply-To: Your message of "Thu, 01 Feb 1996 15:39:05 %2B0100." <199602011439.PAA18233@spooky.lss.cp.philips.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Yeah, that's what I was thinking to kludge around this for backwards compatibility. Paul From: Guido van Rooij <Guido.vanRooij@nl.cis.philips.com> Subject: Re: [cisco.external.bugtraq] Re: BoS: bind() Security Problems Garrett A. Wollman wrote: > > <<On Wed, 31 Jan 1996 10:54:27 -0800, Paul Traina <pst@cisco.com> said: > > > Yuck, I hate to think of what we're going to break when we fix this, but > > we should definitely fix this, otherwise users can hose NFS & friends. > > Lots of stuff will get broken. Although, it occurs to me... > > It should be possible to require that SO_REUSEPORT be specified on > both the original and the duplicate sockets. This way, those programs > (like ALL UDP-based servers) for which this is a requirement will > still be able to work with a minimum of modification. We can't, > however, require any modifications where multicast addresses are > involved. Wouldn't it be reasonable to require that the process trying to bind to an already used port has the same effective uid as the original binder? I think this can be checked via the socket that corresponds tothe pcb, via its pgid pointer. Of course indeed not in multicast mode. -Guido
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199602012027.MAA01487>