Date: Mon, 05 Feb 1996 23:59:33 -0700
From: Warner Losh <imp@village.org>
To: Michael Dillon <michael@memra.com>
Cc: freebsd-hackers@FreeBSD.org, freebsd-security@FreeBSD.org
Subject: Re: Is this security hole being fixed??
Message-ID: <199602060659.XAA02048@rover.village.org>
In-Reply-To: Your message of Mon, 05 Feb 1996 22:46:57 PST

: Some of the other things are very questionable. I can break a standard
: Sun Solaris 2 machine in about 2 minutes from a shell prompt and about 10
: otherwise unless the user is applying patchkits very fast. Currently I can
: break almost any BSD derived system because of a bug CERT haven't yet
: even published.

This would be the "you can bind to a specific port that has an IN_ADDR_ANY binding already" bug? That is a "feature" of the OS that is designed to override generic daemons with specific ones. To make this change would be to change the way that sockets work. Not that this is a bad thing, but everyone should know this is a design change.

The other way to fix it is to have your daemons that run as root bind to all the interfaces, like newer named daemons do. You *ESPECIALLY* want to do this for all daemons that run on ports > 1023, since you don't have to be root to bind to those sockets. In the case of NFS it is rather, well, a large gaping hole for reasons that should be obvious to most people...

Or is this some other problem?

Warner

P.S. Is freebsd-security still active? Should this go there?
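
The mitigation described in the message above (a daemon binding to every interface address instead of only the wildcard), as an added example that is not part of the original e-mail or of any FreeBSD daemon. The function names and port 48123 are assumptions for illustration, and the sketch covers IPv4 UDP only.

```c
#include <ifaddrs.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket to addr:port with no SO_REUSEADDR/SO_REUSEPORT (exclusive). */
static int bind_udp(struct in_addr addr, unsigned short port)
{
    struct sockaddr_in sin = {0};
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    sin.sin_family = AF_INET;
    sin.sin_addr = addr;
    sin.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0) { close(fd); return -1; }
    return fd;
}

/* One socket per configured IPv4 address instead of a single INADDR_ANY
 * socket. Fills fds/addrs and returns how many bindings succeeded. */
int bind_each_address(unsigned short port, int *fds, struct in_addr *addrs, int max)
{
    struct ifaddrs *list, *p;
    int n = 0;
    if (getifaddrs(&list) < 0) return 0;
    for (p = list; p != NULL && n < max; p = p->ifa_next) {
        if (p->ifa_addr == NULL || p->ifa_addr->sa_family != AF_INET) continue;
        addrs[n] = ((struct sockaddr_in *)p->ifa_addr)->sin_addr;
        if ((fds[n] = bind_udp(addrs[n], port)) >= 0) n++;
    }
    freeifaddrs(list);
    return n;
}

/* Self-check: how many of those addresses can a second socket still claim? */
int claimable_addresses(unsigned short port, const struct in_addr *addrs, int n)
{
    int i, fd, claimable = 0;
    for (i = 0; i < n; i++)
        if ((fd = bind_udp(addrs[i], port)) >= 0) { claimable++; close(fd); }
    return claimable;
}

int main(void)
{
    int fds[16]; struct in_addr addrs[16];
    int n = bind_each_address(48123, fds, addrs, 16); /* 48123: assumed port */
    return claimable_addresses(48123, addrs, n) != 0; /* exit 0: none claimable */
}
```

Addresses configured after the daemon starts are not covered by this loop, so a daemon using this approach has to rescan and bind again when interfaces change.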