Bugtraq mailing list archives
Re: TCPwrappers race condition
From: wietse () WZV WIN TUE NL (Wietse Venema)
Date: Fri, 3 Oct 1997 19:24:36 -0400
Wietse Venema:
Although the time window can be made *smaller* by using results from accept() instead of getpeername(), the time window can be eliminated only by changing the kernel so that it does not destroy the protocol control block when the connection is reset by the peer.
John W. Temples:
If accept() does return without an error, why would you not have the address? Thus where is the time window?
The time window is with the other returns from accept(). Ignoring
error returns from accept() does not solve the problem.
Wietse
Current thread:
- IE4 and channels Alan Cox (Oct 02)
- TCPwrappers race condition Thamer Al-Herbish (Sep 28)
- Re: TCPwrappers race condition Nicolai E M Plum (Oct 03)
- Re: TCPwrappers race condition Wietse Venema (Oct 03)
- Re: TCPwrappers race condition John W. Temples (Oct 03)
- Re: TCPwrappers race condition Wietse Venema (Oct 03)
- Majordomo 1.94.4 released -- SECURITY FIXES Aleph One (Oct 03)
- web.sql vulnerability Aleph One (Oct 03)
- TCPwrappers race condition Thamer Al-Herbish (Sep 28)
- IE4 and channels Jon Cargille (Oct 02)
- <Possible follow-ups>
- Re: IE4 and channels Phillip Hallam-Baker (Oct 02)