Re: Bug: svnserve fail to detect it is already running

On Fri, Jul 09, 2010 at 12:05:47PM -0400, Greg Hudson wrote:
> On Fri, 2010-07-09 at 11:44 -0400, Stefan Sperling wrote:
> > As far as I can tell there is little we can do to secure svnserve
> > against this attack on Windows systems other than Server 2003,
> > because APR won't let us set the SO_EXCLUSIVEADDR option.
>
> That's okay, we don't want the SO_EXCLUSIVEADDR behavior. We want the
> default behavior under Windows, which corresponds to the SO_REUSEADDR
> behavior under Unix.

If I've read the microsoft page right, sockets to the same port can
be bound willy-nilly by any other unprivileged processes by default
on Windows other than Server 2003.

The page (http://msdn.microsoft.com/en-us/library/ms740621%28VS.85%29.aspx)
says:

"A malicious program can use SO_REUSEADDR to forcibly bind sockets
already in use for standard network protocol services in order to deny
access to those service. No special privileges are required to use this
option."

"Before the SO_EXCLUSIVEADDRUSE socket option was introduced, there was
very little a network application developer could do to prevent a
malicious program from binding to the port on which the network
application had its own sockets bound."

So not using SO_EXCLUSIVEADDR means the denial-of-service still works?

Stefan
Received on 2010-07-09 18:34:17 CEST