Date: Fri, 28 Mar 1997 11:56:40 -0600 (CST) From: "Thomas H. Ptacek" <tqbf@enteract.com> To: marcs@znep.com (Marc Slemko) Cc: tqbf@enteract.com, freebsd-security@FreeBSD.ORG Subject: Re: Privileged ports... Message-ID: <199703281756.LAA22483@enteract.com> In-Reply-To: <Pine.BSF.3.95.970328013334.18095F-100000@alive.znep.com> from "Marc Slemko" at Mar 28, 97 02:25:53 am
next in thread | previous in thread | raw e-mail | index | archive | help
> OpenBSD has the following in netinet/in_pcb.c: [ elided ] > To emphasize; right now, anyone can steal any connections going > to an unprivileged port that inetd listens on, unless you use something > like the -a option to inetd. That is bad. I think something > resembling the above OpenBSD change is a good idea. Anyone? Isn't FreeBSD already doing a PCB lookup on attempts to bind specific ports? Right under the privileged port check, it tries to find a PCB for the sockaddr passed to bind(), and checks it for SO_REUSEPORT. You could just stick the UID check in there, at no PCB lookup cost, neh? What are the ramifications of enforcing a UID check on a socket address bound REUSEPORT, incidentally? ---------------- Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf@enteract.com] ---------------- "If you're so special, why aren't you dead?"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199703281756.LAA22483>