From owner-freebsd-multimedia  Tue Apr 28 07:04:22 1998
Return-Path: <owner-freebsd-multimedia@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id HAA27134
          for freebsd-multimedia-outgoing; Tue, 28 Apr 1998 07:04:22 -0700 (PDT)
          (envelope-from owner-freebsd-multimedia@FreeBSD.ORG)
Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id HAA27106
          for <multimedia@FreeBSD.ORG>; Tue, 28 Apr 1998 07:04:14 -0700 (PDT)
          (envelope-from luigi@labinfo.iet.unipi.it)
Received: from localhost (luigi@localhost) by labinfo.iet.unipi.it (8.6.5/8.6.5) id IAA25958; Tue, 28 Apr 1998 08:37:09 +0200
From: Luigi Rizzo <luigi@labinfo.iet.unipi.it>
Message-Id: <199804280637.IAA25958@labinfo.iet.unipi.it>
Subject: multiple sdr -- found the problem
To: MBONE@isi.edu, multimedia@FreeBSD.ORG
Date: Tue, 28 Apr 1998 08:37:08 +0200 (MET DST)
In-Reply-To:  <25298.892667239@north.lcs.mit.edu> from "Mark Handley" at Apr 15, 98 03:07:00 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-freebsd-multimedia@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

It appears that there is a problem with running multiple instances of
SDR -- by different users -- on FreeBSD. It is not a problem in
sdr, but rather on bind(), and I wonder if it affects:
  1) other systems;
  2) other multicast applications.

The problem (in sdr) is as follows: when two instances of sdr are
run by different users, the second one fails to bind to the same
port, unless it is root or has the same UID as the first one.
Haven't verified if the test is made on the UID, EUID, GID or
what. Nor I have verified if it is specific of FreeBSD or it also
occurs on other systems.

I can see a reason for checking privileges on a bind -- if multiple
processes bind to the same port, some unprivileged process might
steal packet to another, more privileged one -- especially for
unicast traffic.

For multicast, though, my belief is that there is intrinsically no
security in the use of this type of transport, so the check should be
relaxed.

[in sdr, the offending bind() is called for INADDR_ANY ; i have tried
to set the address to a multicast group but it seems to make no
difference].

Comments/suggestions ?

	cheers
	luigi
-----------------------------+--------------------------------------
Luigi Rizzo                  |  Dip. di Ingegneria dell'Informazione
email: luigi@iet.unipi.it    |  Universita' di Pisa
tel: +39-50-568533           |  via Diotisalvi 2, 56126 PISA (Italy)
fax: +39-50-568522           |  http://www.iet.unipi.it/~luigi/
_____________________________|______________________________________

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-multimedia" in the body of the message