
Re: why cannot bind to someipaddress:port when something else has *:port

To: <horape@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: why cannot bind to someipaddress:port when something else has *:port bound?
From: Nathan Lutchansky <lutchann@xxxxxxxxxx>
Date: Sun, 3 Jun 2001 03:33:01 -0400 (EDT)
Cc: <netdev@xxxxxxxxxxx>
In-reply-to: <20010601144051.D16600@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: owner-netdev@xxxxxxxxxxx

On Fri, 1 Jun 2001 horape@xxxxxxxxxxxxxxxxxxxxxxxxxx wrote:

> The following program binds *:1000 to a socket, and then tries to bind
> to another socket, the error I get is "Address
> already in use". Why?

If this wasn't prevented, it would be a security hole.  If the same
application wants to do a wildcard bind and then a specific bind to the
same port, that's all fine and good, but consider if it was two different
applications.  Imagine that I, as either a normal user or root, run a
webserver that binds to *:8080.  Now a different user attempts to bind to  I will assume that if I connect to port 8080 on my server,
I will connect to my webserver, but if I connect to the address I
will instead be connected to the other user's server.  As you can see,
this creates a huge security hole.

Does this answer your question?

I haven't looked at the code you attached to the message; I hope it
doesn't change my answer.  :-)  -Nathan

-- 
| Nathan Lutchansky | lutchann@xxxxxxxxxx |  Lithium Technologies  |
|  I dread success.  To have succeeded is to have finished one's   |
|  business on earth...  I like a state of continual becoming,     |
|  with a goal in front and not behind. - George Bernard Shaw      |
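Added example (not part of the original message, and not the program attached to the question): a small C program that reproduces the behaviour discussed above. One TCP socket holds *:port, a second socket then tries 127.0.0.1:port and gets "Address already in use", and the same bind succeeds once the wildcard socket is closed. Assumptions: 127.0.0.1 stands in for the specific address, the kernel picks the port, and the helper names bind_tcp and specific_bind_errno are made up for this illustration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a new TCP socket to addr:port (addr in network order, port in host
 * order). Returns the fd, or -1 with errno from the failing call. */
static int bind_tcp(in_addr_t addr, unsigned short port)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    int fd = socket(AF_INET, SOCK_STREAM, 0), saved;
    if (fd < 0) return -1;
    sa.sin_addr.s_addr = addr;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0) return fd;
    saved = errno; close(fd); errno = saved;   /* keep bind()'s errno across close() */
    return -1;
}

/* Hold *:port with one socket, then try 127.0.0.1:port with a second one.
 * Returns the second bind's errno (0 = it succeeded), or -1 if setup failed;
 * *after_close gets the same bind's result once the wildcard socket is closed. */
int specific_bind_errno(int *after_close)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    int wild = bind_tcp(htonl(INADDR_ANY), 0), fd, during; /* port 0: kernel picks */
    if (wild < 0 || listen(wild, 1) < 0 ||
        getsockname(wild, (struct sockaddr *)&sa, &len) < 0) return -1;
    fd = bind_tcp(htonl(INADDR_LOOPBACK), ntohs(sa.sin_port));
    during = fd >= 0 ? 0 : errno;
    if (fd >= 0) close(fd);

    close(wild);                               /* release the wildcard bind */
    fd = bind_tcp(htonl(INADDR_LOOPBACK), ntohs(sa.sin_port));
    *after_close = fd >= 0 ? 0 : errno;
    if (fd >= 0) close(fd);
    return during;
}

int main(void)
{
    int after = 0, during = specific_bind_errno(&after);
    printf("while *:port is held: %s\n", during ? strerror(during) : "bind succeeded");
    printf("after it is closed:   %s\n", after ? strerror(after) : "bind succeeded");
    return 0;
}
```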