[Spread-users] INET unable to bind to port - force kill?
Jesus Cea Avion
jcea at argo.es
Mon Jul 30 15:27:40 EDT 2001
> We did use that for awhile and it helps with the problem, however it
> has some bad security consequences (someone else on the machine can
> also bind to the port and steal the traffic meant for Spread.) so it
> was removed in a security audit last winter.
Please, elaborate. I can't see the security problem, since an attacker
can bind the port if it's free, without using "REUSEADDR".
I can't see any security risk increase by "REUSEADDR" usage.
"REUSEADDR" simply allows immediate port reuse instead of "timeout" to
prevent ill-defined TCP/IP situations (not easily seen in real life).
Every server with a fixed port *NEEDS* this option in order to prevent
client connection failures as seen currently.
The problem you see with a local attacker binding to the port exists
both if you use "REUSEADDR" and if you keep the current schema, also.
--
Jesus Cea Avion
jcea at argo.es http://www.argo.es/~jcea/
PGP Key Available at KeyServ
"Things are not so easy"
"My name is Dump, Core Dump"
"Love is putting your happiness in the happiness of another" - Leibniz
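
An added example, not part of the original message: a Python sketch of the two situations this thread argues about, a daemon restarting while its old connection still holds the port, and a second process binding while the listener is alive. The expected results are for TCP on Linux over loopback (an assumption; SO_REUSEADDR semantics differ on other operating systems and for UDP), and the function names are hypothetical.

```python
import errno
import socket

LOOPBACK = "127.0.0.1"  # assumption: the demo only uses the loopback interface

def tcp_socket(reuse):
    """Return an unbound TCP socket, with SO_REUSEADDR set if reuse is true."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    if reuse:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    return s


def try_listen(port, reuse):
    """Return None if a new listener can take port, else the errno name."""
    with tcp_socket(reuse) as s:
        try:
            s.bind((LOOPBACK, port))
            s.listen(1)
            return None
        except OSError as exc:
            return errno.errorcode.get(exc.errno, str(exc.errno))


def restart_after_server_close(reuse):
    """Serve one client, close the server side first, then try to rebind."""
    with tcp_socket(reuse) as srv:
        srv.bind((LOOPBACK, 0))      # port 0: the kernel picks a free port
        srv.listen(1)
        port = srv.getsockname()[1]
        with socket.create_connection((LOOPBACK, port)) as cli:
            conn, _ = srv.accept()
            conn.close()             # server closes first: its end keeps the port
            cli.recv(1)              # returns b"" once the server's FIN arrives
    return try_listen(port, reuse)   # the "restarted daemon"


def second_listener_while_first_is_live():
    """Try a second SO_REUSEADDR bind while another listener owns the port."""
    with tcp_socket(True) as srv:
        srv.bind((LOOPBACK, 0))
        srv.listen(1)
        return try_listen(srv.getsockname()[1], True)


if __name__ == "__main__":
    print("restart, no SO_REUSEADDR:  ", restart_after_server_close(False))  # EADDRINUSE
    print("restart, with SO_REUSEADDR:", restart_after_server_close(True))   # None
    print("second bind, listener live:", second_listener_while_first_is_live())  # EADDRINUSE
```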