Subject: Re: tightening control on socket bind()ing
To: None <>
From: Guenther Grau <>
List: tech-security
Date: 03/09/1999 11:16:53

Luke Mewburn wrote:
> 4. use the solution that FreeBSD use (derived from the OpenBSD
>    solution): prevent a bind if another socket on the same port is
>    bound, irregardless of whether SO_REUSE{ADDR,PORT} is set, if
>    the following is not true:
>         * the new bind() is being done by euid==0, or
>         * the new bind() is of a different euid to the existing socket
> after discussion with a few other people, it appears that `4.' is
> probably the sanest/easiest solution; it requires no code modification
> of existing daemons, and shouldn't affect.
> i've attached diffs against -current which implement this.
> an extension of this would be to store the realuid as well,
> as that could possibly be used to speed up identd lookups (i
> think openbsd did this after freebsd grabbed the code from
> openbsd).

First of all, the patches for the man-pages are missing, but I am sure
you can fix that :-)

I must admit that I don't like solution. What if two people
on the same machine want to listen to the same mbone video
broadcasting? Only the first will succeed? Maybe at least in case
of multi-cast sockets this restriction should not be imposed.

IMHO, for a clean solution, we need yet another attribute to
indicate if the above restriction should apply. How about
SO_REUSE{ADDR,PORT}_INSECURE? Programs which want to allow
the insecure behaviour can do so, and the existing daemons
will work fine. I'd prefer SO_REUSE{ADDR,PORT}_SECURE, because
this would preserve existing behaviour for other applications.
That way we'd have to change the daemons, but hey, they are
our code, and 3rd party sw is not.