From 0a10e5dd4bf3d11dc5fd0a99f399410f8bb4a224 Mon Sep 17 00:00:00 2001 From: lukem Date: Tue, 23 Mar 1999 10:59:11 +0000 Subject: [PATCH] document new bind() restrictions --- lib/libc/sys/bind.2 | 35 +++++++++++++++++++++++++++++++++-- 1 file changed, 33 insertions(+), 2 deletions(-) diff --git a/lib/libc/sys/bind.2 b/lib/libc/sys/bind.2 index a15d16c32c36..3955ef22c1f7 100644 --- a/lib/libc/sys/bind.2 +++ b/lib/libc/sys/bind.2 @@ -1,4 +1,4 @@ -.\" $NetBSD: bind.2,v 1.12 1999/03/22 19:45:00 garbled Exp $ +.\" $NetBSD: bind.2,v 1.13 1999/03/23 10:59:11 lukem Exp $ .\" .\" Copyright (c) 1983, 1993 .\" The Regents of the University of California. All rights reserved. @@ -33,7 +33,7 @@ .\" .\" @(#)bind.2 8.1 (Berkeley) 6/4/93 .\" -.Dd June 4, 1993 +.Dd March 23, 1999 .Dt BIND 2 .Os .Sh NAME @@ -131,3 +131,34 @@ The .Fn bind function call appeared in .Bx 4.2 . +.Sh SECURITY CONSIDERATIONS +.Fn bind +was changed in +.Nx 1.4 +to prevent the binding of a socket to the same port as an existing +socket when all of the following is true: +.Bl -bullet -compact -offset indent +.It +either of the existing or new addresses is +.Li INADDR_ANY , +.It +the uid of the new socket is not root, and +the uids of the creators of the sockets are different, +.It +the address is not a multicast address, and +.It +both sockets are not bound to +.Li INADDR_ANY +with +.Li SO_REUSEPORT +set. +.El +.Pp +This prevents an attack where a user could bind to a port with +the host's IP address (after setting +.Li SO_REUSEADDR ) +and +.Sq steal +packets destined for a server that bound to the +same port with +.Li INADDR_ANY .