Bugtraq mailing list archives

Re: bind() Security Problems

From: iialan () iifeak swan ac uk (Alan Cox)
Date: Thu, 1 Feb 1996 18:47:48 +0000

      Alan didnt like this, so all bind to the same port will
not be allowed in newer kernels. You should be able to easily adapt
this patch or Alan's patch to 1.2.13 without much trouble.


The two things this breaks BTW are "named" and "xntpd". No virtual hosting
server I have tried breaks. The supplied euid test is unsafe because some
programs (older Linux nfsd for example) change uid as they do requests.

I believe the correct solution in fact is to require BOTH sockets set
SO_REUSEADDR to allow the rebind.

Alan

Current thread:

passwd command in AIX 4.1.4, (continued)
- - - passwd command in AIX 4.1.4 Dave Roberts (Feb 05)
    - Re: passwd command in AIX 4.1.4 Chris Burris (Feb 05)
    - Re: passwd command in AIX 4.1.4 JaDe (Feb 05)
    - CGI security: Escape newlines. Jennifer Myers (Feb 05)
    - Re: CGI security: Escape newlines. Dave Andersen (Feb 05)
    - Re: CGI security: Escape newlines. Fred Cohen (Feb 06)
    - [Fwd: HTTPd 1.5a Security Hole!!! (fwd)] Rogue Agent (Feb 06)
  - abuse Red Hat 2.1 security hole David J Meltzer (Feb 02)
  - resizecons Red Hat 2.1 security hole David J Meltzer (Feb 02)
- Re: bind() Security Problems Casper Dik (Feb 02)
- Re: bind() Security Problems Alan Cox (Feb 01)