[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(usagi-users 00661) Re: SO_BINDTODEVICE functionality removed?

To: usagi-users@xxxxxxxxxxxxxx
Subject: (usagi-users 00661) Re: SO_BINDTODEVICE functionality removed?
From: YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@xxxxxxxxxxxxxx>
Date: Sun, 05 Aug 2001 00:19:56 +0900
In-reply-to: <Pine.LNX.4.33.0107281127300.1467-100000@marduk.litech.org>
List-subscribe: <mailto:usagi-users-ctl@linux-ipv6.org?body=subscribe>
References: <Pine.LNX.4.33.0107281127300.1467-100000@marduk.litech.org>
Reply-to: usagi-users@xxxxxxxxxxxxxx
Sender: "Hideaki YOSHIFUJI" <yoshfuji@xxxxxxxxxxxxxxxxxxxxxxxxx>

In article <Pine.LNX.4.33.0107281127300.1467-100000@xxxxxxxxxxxxxxxxx> (at Sat, 28 Jul 2001 11:35:23 -0400 (EDT)), Nathan Lutchansky <lutchann@xxxxxxxxxx> says:

> Why was this change made?  I suspect it was done to simplify the new bind
> semantics, but it is a critical piece of functionality for a critical
> piece of software.  Would it be possible to add this back, maybe as a
> compile-time option, so that I can run a USAGI kernel again?  Right now
> I'm using vanilla 2.4.7.

Because bind(2) for specific device after bind(2) for any device causes
the "binding-closer attack" problem.  You can steal packets by
bind(2)ing each interface attached on your box.  BAD.

--yoshfuji

Follow-Ups:
- (usagi-users 00665) Re: SO_BINDTODEVICE functionality removed?
  - From: Nathan Lutchansky

References:
- (usagi-users 00653) SO_BINDTODEVICE functionality removed?
  - From: Nathan Lutchansky

Prev by Date: (usagi-users 00660) Re: 2001/07/23 snapshot
Next by Date: (usagi-users 00662) Re: rfc2893 vs. rfc2983
Previous by thread: (usagi-users 00664) Re: SO_BINDTODEVICE functionality removed?
Next by thread: (usagi-users 00665) Re: SO_BINDTODEVICE functionality removed?
Index(es):
- Date
- Thread