From owner-freebsd-security  Thu Feb  1 12:28:03 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id MAA26508
          for security-outgoing; Thu, 1 Feb 1996 12:28:03 -0800 (PST)
Received: from precipice.shockwave.com (precipice.shockwave.com [171.69.108.33])
          by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id MAA26474
          for <security@freebsd.org>; Thu, 1 Feb 1996 12:27:59 -0800 (PST)
Received: from localhost.shockwave.com (localhost.shockwave.com [127.0.0.1]) by precipice.shockwave.com (8.7.3/8.7.3) with SMTP id MAA01487; Thu, 1 Feb 1996 12:27:14 -0800 (PST)
Message-Id: <199602012027.MAA01487@precipice.shockwave.com>
To: Guido.vanRooij@nl.cis.philips.com (Guido van Rooij)
cc: wollman@lcs.mit.edu (Garrett A. Wollman), security@freebsd.org
Subject: Re: [cisco.external.bugtraq] Re: BoS: bind() Security Problems 
In-reply-to: Your message of "Thu, 01 Feb 1996 15:39:05 +0100."
             <199602011439.PAA18233@spooky.lss.cp.philips.com> 
Date: Thu, 01 Feb 1996 12:27:14 -0800
From: Paul Traina <pst@shockwave.com>
Sender: owner-security@freebsd.org
Precedence: bulk

Yeah, that's what I was thinking to kludge around this for backwards
compatibility.

Paul

  From: Guido van Rooij <Guido.vanRooij@nl.cis.philips.com>
  Subject: Re: [cisco.external.bugtraq] Re: BoS: bind() Security Problems
  Garrett A. Wollman wrote:
  > 
  > <<On Wed, 31 Jan 1996 10:54:27 -0800, Paul Traina <pst@cisco.com> said:
  > 
  > > Yuck, I hate to think of what we're going to break when we fix this, but
  > > we should definitely fix this, otherwise users can hose NFS & friends.
  > 
  > Lots of stuff will get broken.  Although, it occurs to me...
  > 
  > It should be possible to require that SO_REUSEPORT be specified on
  > both the original and the duplicate sockets.  This way, those programs
  > (like ALL UDP-based servers) for which this is a requirement will
  > still be able to work with a minimum of modification.  We can't,
  > however, require any modifications where multicast addresses are
  > involved.
  
  
  Wouldn't it be reasonable to require that the process trying to bind
  to an already used port has the same effective uid as the original
  binder? I think this can be checked via the socket that corresponds
  tothe pcb, via its pgid pointer.
  
  Of course indeed not in multicast mode.
  
  -Guido