On Sun, Aug 05, 2001 at 12:19:56AM +0900, YOSHIFUJI Hideaki wrote:
> In article <Pine.LNX.4.33.0107281127300.1467-100000@xxxxxxxxxxxxxxxxx> (at Sat, 28 Jul 2001 11:35:23 -0400 (EDT)), Nathan Lutchansky <lutchann@xxxxxxxxxx> says:
>
> > Why was this change made? I suspect it was done to simplify the new bind
> > semantics, but it is a critical piece of functionality for a critical
> > piece of software. Would it be possible to add this back, maybe as a
> > compile-time option, so that I can run a USAGI kernel again? Right now
> > I'm using vanilla 2.4.7.
>
> Because bind(2) for specific device after bind(2) for any device causes
> the "binding-closer attack" problem. You can steal packets by
> bind(2)ing each interface attached on your box. BAD.

But this sockopt is restricted to users with raw socket capability! That
seems safe to me. -Nathan

--
+-------------------+---------------------+------------------------+
| Nathan Lutchansky | lutchann@xxxxxxxxxx | Lithium Technologies   |
+------------------------------------------------------------------+
| I dread success. To have succeeded is to have finished one's     |
| business on earth... I like a state of continual becoming,       |
| with a goal in front and not behind. - George Bernard Shaw       |
+------------------------------------------------------------------+
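The exchange above turns on two facts a kernel may or may not enforce: whether a socket already bound to the wildcard address can afterwards be narrowed to one interface with SO_BINDTODEVICE (the ordering USAGI rejected), and whether that option is gated on the raw-socket capability (CAP_NET_RAW on Linux) as Nathan argues. The following probe is an added example, not code from the thread or from the USAGI project; it assumes a Linux host, that the loopback interface is named "lo", and that the kernel reports a capability refusal as EPERM or EACCES. It performs exactly the sequence under discussion, wildcard bind(2) first, device binding second, and reports how the running kernel answers, so an administrator can verify the gate on their own system rather than argue about it.

```c
/* Added example (not from the thread): probe whether this kernel lets a
 * socket already bound to the wildcard address be narrowed to one device
 * with SO_BINDTODEVICE, and whether doing so needs CAP_NET_RAW.
 * Assumptions: Linux, loopback interface named "lo". */
#define _GNU_SOURCE
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Step 1 of the sequence: bind(2) "for any device".  Opens a datagram
 * socket and binds it to the wildcard address on an ephemeral port.
 * Tries IPv6 first (the USAGI case) and falls back to IPv4 when the host
 * has no IPv6 stack.  Returns the fd, or -1 with errno set. */
static int open_wildcard_socket(void)
{
    int fd = socket(AF_INET6, SOCK_DGRAM, 0);
    if (fd >= 0) {
        struct sockaddr_in6 sa6;
        memset(&sa6, 0, sizeof sa6);
        sa6.sin6_family = AF_INET6;
        sa6.sin6_addr = in6addr_any;   /* "any device" */
        if (bind(fd, (struct sockaddr *)&sa6, sizeof sa6) == 0)
            return fd;
        close(fd);
    }
    fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    struct sockaddr_in sa4;
    memset(&sa4, 0, sizeof sa4);
    sa4.sin_family = AF_INET;
    sa4.sin_addr.s_addr = htonl(INADDR_ANY);
    if (bind(fd, (struct sockaddr *)&sa4, sizeof sa4) != 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Step 2: bind(2) "for a specific device" after the wildcard bind.
 * Returns 0 if the kernel accepted the narrowing, otherwise the errno it
 * refused with: EPERM/EACCES = the capability gate (process lacks
 * CAP_NET_RAW or the socket call was denied), ENODEV = no such interface,
 * EINVAL = the narrowing itself is rejected on this kernel. */
int probe_bindtodevice(const char *ifname)
{
    int fd = open_wildcard_socket();
    if (fd < 0)
        return errno ? errno : EIO;
    int rc = setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE,
                        ifname, (socklen_t)(strlen(ifname) + 1));
    int result = (rc == 0) ? 0 : errno;
    close(fd);
    return result;
}

int main(void)
{
    int r = probe_bindtodevice("lo");
    if (r == 0)
        puts("SO_BINDTODEVICE after wildcard bind: accepted "
             "(process holds CAP_NET_RAW, or this kernel does not gate it)");
    else
        printf("SO_BINDTODEVICE after wildcard bind: refused, errno %d (%s)\n",
               r, strerror(r));
    return 0;
}
```

Run it once as an unprivileged user and once with CAP_NET_RAW: the first run should report EPERM if the gate Nathan relies on is in place, the second should be accepted unless the kernel, like USAGI at the time, forbids narrowing after a wildcard bind altogether. An interface name that does not exist yields ENODEV only after the capability check passes, which is itself a useful confirmation of the order in which the kernel evaluates the two conditions.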