[599] in linux-security and linux-alert archive
Re: bind() Security Problems
daemon@ATHENA.MIT.EDU (Alan Cox)
Fri Feb 2 17:35:27 1996
From: iialan@iifeak.swan.ac.uk (Alan Cox)
To: linux-security@tarsier.cv.nrao.edu
Date: Thu, 1 Feb 1996 18:47:48 +0000 (GMT)
Cc: linux-alert@tarsier.cv.nrao.edu, bugtraq@crimelab.com,
best-of-security@suburbia.net
In-Reply-To: <Pine.LNX.3.91.960130151057.4068A-100000@underground.org> from "Aleph's K-Rad GECOS Field" at Jan 30, 96 03:18:21 pm
> Alan didnt like this, so all bind to the same port will
> not be allowed in newer kernels. You should be able to easily adapt
> this patch or Alan's patch to 1.2.13 without much trouble.
The two things this breaks BTW are "named" and "xntpd". No virtual hosting
server I have tried breaks. The supplied euid test is unsafe because some
programs (older Linux nfsd for example) change uid as they do requests.
I believe the correct solution in fact is to require BOTH sockets set
SO_REUSEADDR to allow the rebind.
Alan
