¡Hola!
> > The following program binds *:1000 to a socket, and then tries to bind
> > 200.47.36.254:1000 to another socket, the error i gets is "Address
> > already in use". Why?
> If this wasn't prevented, it would be a security hole. If the same
> application wants to do a wildcard bind and then a specific bind to the
> same port, that's all fine and good, but consider if it was two different
> applications. Imagine that I, as either a normal user or root, run a
> webserver that binds to *:8080. Now a different user attempts to bind to
> 10.1.1.1:8080. I will assume that if I connect to port 8080 on my server,
> I will connect to my webserver, but if I connect to the address 10.1.1.1 I
> will instead be connected to the other user's server. As you can see,
> this creates a huge security hole.
> Does this answer your question?
Yes, and no. Why won't just allow binding to a "more specific" address if
the new proccess wanting to do that binding is running with the same uid
that the older one? (that's afaik how the 4.4BSD worked, I want to know
why that was changed)
> I haven't looked at the code you attached to the message; I hope it
> doesn't change my answer. :-) -Nathan
No, the code was just a way to clarify my answer.
Thanks,
HoraPe
---
Horacio J. Peña
horape@xxxxxxxxxxxxxxxxx
horape@xxxxxxxxxx
bofh@xxxxxxxxxxxxxx
horape@xxxxxxxxxxx
|