You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Randy Terbush <ra...@covalent.net> on 1997/11/23 03:04:48 UTC
Re: new security model (was Re: [CONTRIB] listenwrap)
Dean,
I'm trying to catch up o some things that interested me over the past
few weeks. Have you begun any work implementing these ideas about a
new secuity model?
Re: new security model (was Re: [CONTRIB] listenwrap)
Posted by Randy Terbush <ra...@covalent.net>.
On Sat, Nov 22, 1997 at 06:29:16PM -0800, Dean Gaudet wrote:
> No it's still in the infancy stages ... listenwrap is the beginnings of
> it, but that's all I've got so far. I had to stop using it as well
> because I was getting into "bind: Address already in use" situations on
> restart that made no sense. I've got to look into why they were occuring.
> I think it's erroneous bind logic in the linux kernel, the logic that was
> put in there due to the port 2049 NFS attack a year or so ago. (The
> attack where, on essentially every Unix out there, you can use bind() to
> bind to a more specific IP address, port 2049, and steal NFS packets.)
>
> I've got a few more thoughts at
> <http://www.arctic.org/~dgaudet/apache/tomahawk/thoughts>. But I haven't
> summarized everything there yet, especially not the stuff from this
> thread.
Cool. I'm spending my evening in your personal web pages.
I've hit a milestone with my current setup and need to find a way to
extend the current model.
> I'm partying too much lately, not getting any apache work done ;)
:-) Must be the burning man influence...
Re: new security model (was Re: [CONTRIB] listenwrap)
Posted by Dean Gaudet <dg...@arctic.org>.
No it's still in the infancy stages ... listenwrap is the beginnings of
it, but that's all I've got so far. I had to stop using it as well
because I was getting into "bind: Address already in use" situations on
restart that made no sense. I've got to look into why they were occuring.
I think it's erroneous bind logic in the linux kernel, the logic that was
put in there due to the port 2049 NFS attack a year or so ago. (The
attack where, on essentially every Unix out there, you can use bind() to
bind to a more specific IP address, port 2049, and steal NFS packets.)
I've got a few more thoughts at
<http://www.arctic.org/~dgaudet/apache/tomahawk/thoughts>. But I haven't
summarized everything there yet, especially not the stuff from this
thread.
I'm partying too much lately, not getting any apache work done ;)
Dean
On Sat, 22 Nov 1997, Randy Terbush wrote:
> Dean,
>
> I'm trying to catch up o some things that interested me over the past
> few weeks. Have you begun any work implementing these ideas about a
> new secuity model?
>
>
>