[Spread-users] INET unable to bind to port - force kill?

Jesus Cea Avion jcea at argo.es
Mon Jul 30 15:27:40 EDT 2001


> We did use that for awhile and it helps with the problem, however it
> has some bad security consequences (someone else on the machine can
> also bind to the port and steal the traffic meant for Spread.) so it
> was removed in a security audit last winter.

Please, elaborate. I can't see the security problem, since an attacker
can bind the port if it's free, without using "REUSEADDR".

I can't see any security risk increase by "REUSEADDR" usage.

"REUSEADDR" simply allows immediate port reuse instead of a "timeout" to
prevent ill-defined TCP/IP situations (not easily seen in real life).
Every server with a fixed port *NEEDS* this option in order to prevent
client connection failures as seen currently.

The problem you see with a local attacker binding to the port exists
both if you use "REUSEADDR" and if you keep the current schema, also.

-- 
Jesus Cea Avion                         _/_/      _/_/_/        _/_/_/
jcea at argo.es http://www.argo.es/~jcea/ _/_/    _/_/  _/_/    _/_/  _/_/
                                      _/_/    _/_/          _/_/_/_/_/
PGP Key Available at KeyServ   _/_/  _/_/    _/_/          _/_/  _/_/
"Things are not so easy"      _/_/  _/_/    _/_/  _/_/    _/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/        _/_/_/      _/_/  _/_/
"Love is placing your happiness in the happiness of another" - Leibniz
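
The port-reuse behaviour discussed in this message can be checked directly on a given host. The probe below is an added example, not part of the original message and not Spread code; it assumes Linux TCP semantics over loopback, and the names `try_bind` and `probe` are hypothetical.

```python
import errno
import socket

LOOPBACK = "127.0.0.1"  # assumption: the probe only ever touches loopback


def try_bind(port, reuse):
    """Try to bind and listen on LOOPBACK:port; return "ok" or the errno name."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        if reuse:
            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind((LOOPBACK, port))
        s.listen(1)
        return "ok"
    except OSError as e:
        return errno.errorcode.get(e.errno, str(e.errno))
    finally:
        s.close()


def probe():
    """Compare bind results against a live listener and against a just-closed one."""
    results = {}
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    server.bind((LOOPBACK, 0))  # let the kernel pick a free port
    server.listen(1)
    port = server.getsockname()[1]

    # Case 1: the server is still listening and a second socket asks for the port.
    results["live_listener_reuse"] = try_bind(port, reuse=True)

    # Leave a closed connection behind on the server port: the server side
    # closes first, so its end of the connection lingers (TIME_WAIT).
    client = socket.create_connection((LOOPBACK, port))
    conn, _ = server.accept()
    conn.close()
    client.recv(1)  # returns b"" once the server's FIN has arrived
    client.close()
    server.close()

    # Case 2: a restart right after shutdown, without and with the option.
    results["time_wait_no_reuse"] = try_bind(port, reuse=False)
    results["time_wait_reuse"] = try_bind(port, reuse=True)
    return results


if __name__ == "__main__":
    print(probe())
```

UDP sockets and Windows apply different rules to SO_REUSEADDR and are not covered by this probe.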




