[Spread-users] INET unable to bind to port - force kill?

Jonathan Stanton jonathan at cnds.jhu.edu
Wed Aug 1 00:16:13 EDT 2001


If you run a server that tries to bind to TCP port 5555 (for example) and
does NOT use REUSEADDR then if that server (or any other program) tries
to bind to port 5555 after the server has started it will fail on the
bind system call with an address in use error. So no other program can run
at the same time as the server and capture the data destined for port
5555.

If the server had used REUSEADDR then a second copy of the server (or ANY
other program) could bind to port 5555 after the server had started and it
is not well defined who would get the data that is sent to port 5555
(maybe one program maybe both). 

The idea is that the port is not "free" after the first server has bound
to it, but if REUSEADDR is used then other programs can also bind to it. If
the 'attacker' program binds first then yes it can bind to 5555, but then
when you run the server it will refuse to bind and you will know some other
program is running. The security flaw is allowing other programs to
silently capture the traffic that you think only goes to the first server.

REUSEADDR does not just allow rebinding during TIME_WAIT state, but during
ANY state. 

If the server uses a protected port (< 1024) then this is not really a
security flaw because under unix's security model all root processes are
totally trusted so you can assume another 'attacker' root process will
never exist (or if it does you are screwed anyway as that process can do
anything it wants already). BUT if you use unprotected ports then user
"jonathan" can run a spread daemon and user "evilfred" can run a program
to steal the traffic destined to the spread server and the spread server
will not even know about it.

I hope that makes more sense. 

Jonathan

On Mon, Jul 30, 2001 at 09:27:40PM +0200, Jesus Cea Avion wrote:
> > We did use that for a while and it helps with the problem, however it
> > has some bad security consequences (someone else on the machine can
> > also bind to the port and steal the traffic meant for Spread.) so it
> > was removed in a security audit last winter.
> 
> Please, elaborate. I can't see the security problem, since an attacker
> can bind the port if it's free, without using "REUSEADDR".
> 
> I can't see any security risk increase by "REUSEADDR" usage.
> 
> "REUSEADDR" simply allows immediate port reuse instead of "timeout" to
> prevent ill defined TCP/IP situations (not easily seen in real life).
> Every server with a fixed port *NEEDS* this option in order to prevent
> client connection failures as seen currently.
> 
> The problem you see with a local attacker binding to the port exists
> both if you use "REUSEADDR" and if you keep the current schema, also.
> 
> -- 
> Jesus Cea Avion                         _/_/      _/_/_/        _/_/_/
> jcea at argo.es http://www.argo.es/~jcea/ _/_/    _/_/  _/_/    _/_/  _/_/
>                                       _/_/    _/_/          _/_/_/_/_/
> PGP Key Available at KeyServ   _/_/  _/_/    _/_/          _/_/  _/_/
> "Things are not so easy"      _/_/  _/_/    _/_/  _/_/    _/_/  _/_/
> "My name is Dump, Core Dump"   _/_/_/        _/_/_/      _/_/  _/_/
> "Love is putting your happiness in the happiness of another" - Leibniz
> 

-- 
-------------------------------------------------------
Jonathan R. Stanton         jonathan at cs.jhu.edu
Dept. of Computer Science   
Johns Hopkins University    
-------------------------------------------------------
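
The bind behaviour discussed in this message can be checked on a given host with the following C program, which is an added example and not part of the original message or of Spread's code. It starts a listening TCP socket on a kernel-chosen port and then attempts a second bind to the same port, once without SO_REUSEADDR and once with it set on both sockets; the function names are hypothetical, and the result with the option set depends on the operating system's SO_REUSEADDR semantics.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a TCP socket to the wildcard address on `port` (0 = kernel picks one).
 * Returns the fd, or -1 with *err set to the errno of the failing call. */
static int bind_tcp(unsigned short port, int reuse, int *err)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) { *err = errno; return -1; }
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons(port);
    if ((reuse && setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &reuse, sizeof reuse) < 0) ||
        bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
        *err = errno; close(fd); return -1;
    }
    *err = 0;
    return fd;
}

/* Start a listening "server", then bind again to its port as a second program
 * would. Returns the second bind's errno (0 = success), or -1 on setup failure. */
int second_bind_errno(int reuse)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    int err, second, first = bind_tcp(0, reuse, &err);
    if (first < 0) return -1;
    if (listen(first, 1) < 0 || getsockname(first, (struct sockaddr *)&sa, &len) < 0) {
        close(first); return -1;
    }
    second = bind_tcp(ntohs(sa.sin_port), reuse, &err);
    if (second >= 0) close(second);   /* second bind succeeded: port is shared */
    close(first);
    return err;
}

int main(void)
{
    printf("second bind errno without SO_REUSEADDR: %d\n", second_bind_errno(0));
    printf("second bind errno with SO_REUSEADDR on both: %d\n", second_bind_errno(1));
    return 0;
}
```

A result of 0 on the second line means the host let a second socket bind the port while the first was still listening.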




