[598] in linux-security and linux-alert archive
Re: bind() Security Problems
daemon@ATHENA.MIT.EDU (Richard Black)
Fri Feb 2 17:35:27 1996
To: linux-security@tarsier.cv.nrao.edu
cc: linux-alert@tarsier.cv.nrao.edu, bugtraq@crimelab.com,
best-of-security@suburbia.net, aleph1@underground.org,
Richard.Black@cl.cam.ac.uk
Date: Thu, 01 Feb 1996 11:49:33 +0000
From: Richard Black <Richard.Black@cl.cam.ac.uk>
Sigh,
I am not on any of these security lists but I have just been forwarded this
alert about bind().
This is a "feature" of IP Multicast support. I reported this bug in November
1993 on the IP Multicast workers mailing list, and directly to Steeve Deering.
This feature was deliberately added to the (previously secure) BSD networking
code by Steeve Deering (or at any rate one of the IP multicast people working
with him) in 1992 or 1993 because of the way that IP Multicast works. Since IP
multicast uses UDP all the recipients of a multicast session world wide must
be using the same UDP port number. Since global agreement on free port numbers
is not practical it was made possible for an application to get access to a
particular UDP port irrespective of its use elsewhere on the same machine.
Most vendors (e.g. Digital Unix) have not accepted this hole and only permit
sharing of the same port when ALL of the sockets involved have SO_REUSEADDR
set. This works reasonably well in practice since port numbers chosen for
multicast sessions are above the range normally cyclicly allocated to other
applications.
I have not been following IP multicast implementation work so I have no idea
at what stage (or even whether) this fix was adopted.
-----
Richard Black (usual disclaimers)
University of Cambridge
Computer Laboratory
Cambridge
United Kingdom
