From owner-freebsd-hackers Mon Feb 5 22:59:46 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id WAA03679 for hackers-outgoing; Mon, 5 Feb 1996 22:59:46 -0800 (PST)
Received: from rover.village.org (rover.village.org [204.144.255.49]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id WAA03660 Mon, 5 Feb 1996 22:59:41 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by rover.village.org (8.6.11/8.6.6) with SMTP id XAA02048; Mon, 5 Feb 1996 23:59:34 -0700
Message-Id: <199602060659.XAA02048@rover.village.org>
To: Michael Dillon
Subject: Re: Is this security hole being fixed??
Cc: freebsd-hackers@FreeBSD.org, freebsd-security@FreeBSD.org
In-reply-to: Your message of Mon, 05 Feb 1996 22:46:57 PST
Date: Mon, 05 Feb 1996 23:59:33 -0700
From: Warner Losh
Sender: owner-hackers@FreeBSD.org
Precedence: bulk

: Some of the other things are very questionable. I can break a standard
: Sun Solaris 2 machine in about 2 minutes from a shell prompt and about 10
: otherwise unless the user is applying patchkits very fast. Currently I can
: break almost any BSD derived system because of a bug CERT haven't yet
: even published.

This would be the "you can bind to a specific port that has an IN_ADDR_ANY binding already" bug? That is a "feature" of the OS that is designed to override generic daemons with specific ones. To make this change would be to change the way that sockets work. Not that this is a bad thing, but everyone should know this is a design change.

The other way to fix it is to have your daemons that run as root bind to all the interfaces, like newer named daemons do. You *ESPECIALLY* want to do this for all daemons that run on ports > 1023, since you don't have to be root to bind to those sockets. In the case of NFS it is rather, well, a large gaping hole for reasons that should be obvious to most people...

Or is this some other problem?

Warner

P.S. Is freebsd-security still active? Should this go there?
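
The mitigation described in the message above (a daemon binding every interface address explicitly instead of relying on one wildcard socket), as an added example that is not part of the original message or of FreeBSD's code. It assumes IPv4, UDP and a system that provides `getifaddrs()`; `bind_specific` and `bind_all_interfaces` are hypothetical helper names.

```c
/* Added example: one UDP socket per configured IPv4 address, so that no
 * more-specific address:port binding is left for another process to claim. */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <errno.h>
#include <ifaddrs.h>
#include <string.h>
#include <unistd.h>

/* Bind a fresh UDP socket to addr:port (both in network byte order).
 * Returns the descriptor, or -1 with errno set. SO_REUSEADDR is not set. */
int bind_specific(struct in_addr addr, in_port_t port)
{
    struct sockaddr_in sin;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_addr = addr;
    sin.sin_port = port;
    if (bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0) {
        int saved = errno;      /* keep bind()'s errno across close() */
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Walk the interface list and bind every IPv4 address found.
 * Fills fds[] and addrs[] (up to max); returns the count bound, -1 on error. */
int bind_all_interfaces(in_port_t port, int *fds, struct in_addr *addrs, int max)
{
    struct ifaddrs *list, *ifa;
    int n = 0;
    if (getifaddrs(&list) < 0)
        return -1;
    for (ifa = list; ifa != NULL && n < max; ifa = ifa->ifa_next) {
        if (ifa->ifa_addr == NULL || ifa->ifa_addr->sa_family != AF_INET)
            continue;
        struct in_addr a = ((struct sockaddr_in *)ifa->ifa_addr)->sin_addr;
        int fd = bind_specific(a, port);
        if (fd < 0)
            continue;           /* duplicate address or already in use */
        fds[n] = fd;
        addrs[n++] = a;
    }
    freeifaddrs(list);
    return n;
}
```

Addresses configured after startup are not covered by this scan, so a daemon using this approach has to rescan the interface list when addresses change.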