netdev

Re: why cannot bind to someipaddress:port when something else has *:port

To: Nathan Lutchansky <lutchann@xxxxxxxxxx>
Subject: Re: why cannot bind to someipaddress:port when something else has *:port bound?
From: Stig Venaas <venaas@xxxxxxxxxxx>
Date: Sun, 3 Jun 2001 11:22:43 +0200
Cc: "horape@xxxxxxxxxxxxxxxxxxxxxxxxxx" <horape@xxxxxxxxxxxxxxxxxxxxxxxxxx>, "netdev@xxxxxxxxxxx" <netdev@xxxxxxxxxxx>
In-reply-to: <Pine.LNX.4.30.0106030340000.26815-100000@xxxxxxxxxxxxxxxxx>; from lutchann@xxxxxxxxxx on Sun, Jun 03, 2001 at 03:45:45AM -0400
References: <20010603043549.B4142@xxxxxxxxxxxxxxxxxxxxxxxxxx> <Pine.LNX.4.30.0106030340000.26815-100000@xxxxxxxxxxxxxxxxx>
Sender: owner-netdev@xxxxxxxxxxx
On Sun, Jun 03, 2001 at 03:45:45AM -0400, Nathan Lutchansky wrote:
> On Sun, 3 Jun 2001, horape@xxxxxxxxxxxxxxxxxxxxxxxxxx wrote:
> 
> > > > The following program binds *:1000 to a socket, and then tries to bind
> > > > 200.47.36.254:1000 to another socket, the error I get is "Address
> > > > already in use". Why?
> >
> > > If this wasn't prevented, it would be a security hole.  If the same
> > > application wants to do a wildcard bind and then a specific bind to the
> > > same port, that's all fine and good, but consider if it was two different
> > > applications.
> >
> > Why not just allow binding to a "more specific" address if the new
> > process wanting to do that binding is running with the same uid as
> > the older one? (that's afaik how the 4.4BSD worked, I want to know why
> > that was changed)

Yes, I think that's normal BSD behavior.

> I imagine there are issues with some types of network applications like
> FTP daemons that "hunt" for an open port by repeatedly trying to bind to
> specific port numbers within a range.  If the hunting was done with
> specific IP addresses, it would be possible for a daemon hunting as root
> to tromp over a wildcard-bound daemon listening on a well-known port.
> 
> This is just a guess though; there are probably other, better reasons and
> my guess may not even be accurate.  ;-)

SO_REUSEADDR lets you do what you ask, sort of. There is one interesting
problem though. If you have used bind(2) on two such sockets using
SO_REUSEADDR and try to use listen(2) on both, the second listen fails.
I find this odd; I've only seen this on Linux so far.

Stig
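
The bind(2)/listen(2) behaviour discussed in this thread can be observed with a small probe. This is an added example, not code from the thread or from any poster. It assumes Linux and IPv4, uses 127.0.0.1 and a kernel-chosen port in place of the original address and port 1000, and its struct and function names are illustrative.

```c
/* Added example, not from the thread. Assumes Linux, IPv4 loopback, kernel-chosen port. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Each field is 0 on success or the errno of the failed call (-1: call not made). */
struct probe { int bind_any, bind_one, listen_any, listen_one; };

/* TCP socket bound to ip:*port, optionally with SO_REUSEADDR. A *port of 0
   lets the kernel pick one, which is written back. *err gets 0 or errno. */
static int bound_socket(const char *ip, unsigned short *port, int reuse, int *err)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(*port) };
    socklen_t len = sizeof sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) { *err = errno; return -1; }
    if (reuse) setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &reuse, sizeof reuse);
    inet_pton(AF_INET, ip, &sa.sin_addr);
    *err = bind(fd, (struct sockaddr *)&sa, sizeof sa) ? errno : 0;
    if (*err == 0 && getsockname(fd, (struct sockaddr *)&sa, &len) == 0)
        *port = ntohs(sa.sin_port);
    return fd;
}

/* Wildcard bind, then a specific-address bind to the same port, then
   listen(2) on each socket whose bind succeeded. */
struct probe probe_port_overlap(int reuse)
{
    struct probe r = { -1, -1, -1, -1 };
    unsigned short port = 0;
    int any = bound_socket("0.0.0.0", &port, reuse, &r.bind_any);
    int one = bound_socket("127.0.0.1", &port, reuse, &r.bind_one);
    if (r.bind_any == 0) r.listen_any = listen(any, 1) ? errno : 0;
    if (r.bind_one == 0) r.listen_one = listen(one, 1) ? errno : 0;
    if (any >= 0) close(any);
    if (one >= 0) close(one);
    return r;
}

int main(void)
{
    for (int reuse = 0; reuse <= 1; reuse++) {
        struct probe r = probe_port_overlap(reuse);
        printf("reuse=%d bind:%d/%d listen:%d/%d\n", reuse, r.bind_any, r.bind_one, r.listen_any, r.listen_one);
    }
    return 0;
}
```

Each pair printed is wildcard socket first, specific-address socket second; a nonzero value is the errno, so EADDRINUSE shows which call the kernel refused.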
