[CF-Devel] CVS nov28
Tim Rightnour
root at garbled.net
Thu Nov 28 01:45:48 CST 2002
On 28-Nov-02 Todd Mitchell wrote:
>
any ideas? Build looks normal to my untrained eye, I ran it a few times
>
through to see if I had missed something.
I see this on NetBSD all the time. usually I have to wait 1-2 minutes for the
old sockets to close out. Unfortunately, CF uses SO_REUSEPORT.. which in
netbsd:
bind(2):
SECURITY CONSIDERATIONS
bind() was changed in NetBSD 1.4 to prevent the binding of a socket to
the same port as an existing socket when all of the following is true:
o either of the existing or new addresses is INADDR_ANY,
o the uid of the new socket is not root, and the uids of the cre-
ators of the sockets are different,
o the address is not a multicast address, and
o both sockets are not bound to INADDR_ANY with SO_REUSEPORT set.
This prevents an attack where a user could bind to a port with the host's
IP address (after setting SO_REUSEADDR) and `steal' packets destined for
a server that bound to the same port with INADDR_ANY.
Perhaps other OS's have done the same more recently?
---
Tim Rightnour <
root at garbled.net
>
NetBSD: Free multi-architecture OS
http://www.netbsd.org/
NetBSD supported hardware database:
http://mail-index.netbsd.org/cgi-bin/hw.cgi
More information about the crossfire
mailing list