Kacheong Poon wrote:
> James Carlson wrote:
>> We're back to discussing the default behavior (again). We've had this
>> discussion many times in the past.
>
> But not in the open like networking-discuss :-) I hope
> people outside Sun can comment on this change in default
> behavior.

I filed a bug, 6463285 - bind(2) behavior should be more secure when
SO_REUSEADDR option is used, to track this problem.

I also asked for feedback from the SJS directory server group and I got
this reply from Neil Wilson -
"
I read through the proposal, and don't really have anything to add. I
do think that it's definitely a good idea and one that is long overdue.
We have run into this
problem with Directory Server (CR 4882699) where we found that it was
trivial to transparently hijack communication destined for the server,
and the default behavior on Solaris was surprising to us.
I definitely think that a solution that doesn't require code changes to
the product is the best option, and restricting the rebind in this case
to the same uid as the existing socket seems like a good approach. Even
though native applications could use TCP_EXCLBIND it would require that
the developer know about it in order to use it, and it's not really even
an option for our Java-based OpenDS project.
"
-Krishna