Bugtraq mailing list archives
Re: bind() Security Problems
From: iialan () iifeak swan ac uk (Alan Cox)
Date: Thu, 1 Feb 1996 18:47:48 +0000
Alan didn't like this, so all bind to the same port will not be allowed in newer kernels. You should be able to easily adapt this patch or Alan's patch to 1.2.13 without much trouble.
The two things this breaks BTW are "named" and "xntpd". No virtual hosting server I have tried breaks. The supplied euid test is unsafe because some programs (older Linux nfsd for example) change uid as they do requests. I believe the correct solution in fact is to require BOTH sockets set SO_REUSEADDR to allow the rebind.

Alan
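The rule proposed in the message above (a rebind is allowed only when BOTH sockets set SO_REUSEADDR) can be checked against a running kernel. The following is an added example, not code from the post or from either patch it mentions; `bound_socket` and `rebind_allowed` are hypothetical names, and UDP sockets on an ephemeral port are an assumption chosen because named and xntpd are UDP services.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper for this added example: UDP socket bound to addr:*port,
 * SO_REUSEADDR optional. Returns the fd (filling *port if it was 0) or -1. */
static int bound_socket(const char *addr, unsigned short *port, int reuse)
{
    struct sockaddr_in sa = {0};
    socklen_t len = sizeof sa;
    int saved, fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    sa.sin_family = AF_INET;
    sa.sin_port = htons(*port);
    if (inet_pton(AF_INET, addr, &sa.sin_addr) == 1 &&
        (!reuse || setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &reuse, sizeof reuse) == 0) &&
        bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0 &&
        getsockname(fd, (struct sockaddr *)&sa, &len) == 0) {
        *port = ntohs(sa.sin_port);
        return fd;
    }
    saved = errno;          /* keep bind()'s errno across close() */
    close(fd);
    errno = saved;
    return -1;
}

/* First socket takes an ephemeral port on the wildcard address; the second
 * tries the same port on second_addr. 1 = allowed, 0 = EADDRINUSE, -1 = other. */
int rebind_allowed(const char *second_addr, int first_reuse, int second_reuse)
{
    unsigned short port = 0;
    int result, b, a = bound_socket("0.0.0.0", &port, first_reuse);
    if (a < 0) return -1;
    b = bound_socket(second_addr, &port, second_reuse);
    result = b >= 0 ? 1 : (errno == EADDRINUSE ? 0 : -1);
    if (b >= 0) close(b);
    close(a);
    return result;
}

int main(void)
{
    for (int i = 0; i < 4; i++)
        printf("first=%d second=%d -> %d\n", i >> 1, i & 1,
               rebind_allowed("127.0.0.1", i >> 1, i & 1));
    return 0;
}
```

On a current Linux kernel only the case where both sockets set the option returns 1; a service that never sets SO_REUSEADDR on its wildcard socket cannot have a more specific address bound over it on the same port.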