[2497] in bugtraq
Re: bind() Security Problems
daemon@ATHENA.MIT.EDU (Alan Cox)
Thu Feb 1 17:55:27 1996
Date: Thu, 1 Feb 1996 18:47:48 +0000
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Alan Cox <iialan@iifeak.swan.ac.uk>
X-To: linux-security@tarsier.cv.nrao.edu
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: <Pine.LNX.3.91.960130151057.4068A-100000@underground.org> from
"Aleph's K-Rad GECOS Field" at Jan 30, 96 03:18:21 pm

> Alan didn't like this, so all bind to the same port will
> not be allowed in newer kernels. You should be able to easily adapt
> this patch or Alan's patch to 1.2.13 without much trouble.

The two things this breaks BTW are "named" and "xntpd". No virtual hosting
server I have tried breaks. The supplied euid test is unsafe because some
programs (older Linux nfsd for example) change uid as they do requests.

I believe the correct solution in fact is to require BOTH sockets set
SO_REUSEADDR to allow the rebind.

Alan
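
The rule proposed in the message above (a rebind is allowed only when BOTH sockets set SO_REUSEADDR) can be checked against a running kernel. This is an added example, not part of the original message or of any patch discussed in it; it assumes a Linux host, uses UDP sockets on loopback, and the helper names bound_udp and rebind_result are hypothetical.

```c
/* Added example (not from the original message); helper names are hypothetical. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket to 127.0.0.1:*port (0 = kernel picks a port), setting
 * SO_REUSEADDR first when reuse is non-zero. Returns the fd or -errno. */
static int bound_udp(int reuse, unsigned short *port)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(*port) };
    socklen_t len = sizeof sa;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -errno;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if ((reuse && setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &reuse, sizeof reuse) < 0) ||
        bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        int e = errno;
        close(fd);
        return -e;
    }
    *port = ntohs(sa.sin_port);  /* report the port actually bound */
    return fd;
}

/* Bind one socket, then try to bind a second to the same address and port.
 * Returns 0 if the rebind was allowed, its errno if refused, -1 on setup failure. */
int rebind_result(int first_reuse, int second_reuse)
{
    unsigned short port = 0;
    int first = bound_udp(first_reuse, &port);
    if (first < 0) return -1;
    int second = bound_udp(second_reuse, &port);
    if (second >= 0) close(second);
    close(first);
    return second < 0 ? -second : 0;
}

int main(void)
{
    for (int i = 0; i < 4; i++)
        printf("first SO_REUSEADDR=%d, second=%d: rebind %s\n", i >> 1, i & 1,
               rebind_result(i >> 1, i & 1) ? "refused" : "allowed");
    return 0;
}
```

On a kernel that enforces the rule, only the case where both sockets set SO_REUSEADDR reports the rebind as allowed; the other three combinations fail with EADDRINUSE.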