Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: bind() Security Problems
From: iialan () iifeak swan ac uk (Alan Cox)
Date: Thu, 1 Feb 1996 18:47:48 +0000


      Alan didnt like this, so all bind to the same port will
not be allowed in newer kernels. You should be able to easily adapt
this patch or Alan's patch to 1.2.13 without much trouble.

The two things this breaks BTW are "named" and "xntpd". No virtual hosting
server I have tried breaks. The supplied euid test is unsafe because some
programs (older Linux nfsd for example) change uid as they do requests.

I believe the correct solution in fact is to require BOTH sockets set
SO_REUSEADDR to allow the rebind.

Alan



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]