> This application uses SO_REUSEADDR in conjunction with INADDR_ANY. What
> it does is bind() to INADDR_ANY, then listen(). Then, it proceeds to
> bind (but _not_ listen) various other specific addresses.
That should be ok if its setting SO_REUSEADDR
> not a security problem: what's really the problem is having two
> _listens_. As long as you're only listening on the one, I don't see how
> connections/packets could be stolen.
UDP.
In fact the classic exploit consisted of binding to port 2049 witha specific
connect address set on UDP and stealing NFS packets..
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/
