On Fri, Jul 09, 2010 at 12:05:47PM -0400, Greg Hudson wrote: > On Fri, 2010-07-09 at 11:44 -0400, Stefan Sperling wrote: > > As far as I can tell there is little we can do to secure svnserve > > against this attack on Windows systems other than Server 2003, > > because APR won't let us set the SO_EXCLUSIVEADDR option. > > That's okay, we don't want the SO_EXCLUSIVEADDR behavior. We want the > default behavior under Windows, which corresponds to the SO_REUSEADDR > behavior under Unix.
If I've read the microsoft page right, sockets to the same port can be bound willy-nilly by any other unprivileged processes by default on Windows other than Server 2003. The page (http://msdn.microsoft.com/en-us/library/ms740621%28VS.85%29.aspx) says: "A malicious program can use SO_REUSEADDR to forcibly bind sockets already in use for standard network protocol services in order to deny access to those service. No special privileges are required to use this option." "Before the SO_EXCLUSIVEADDRUSE socket option was introduced, there was very little a network application developer could do to prevent a malicious program from binding to the port on which the network application had its own sockets bound." So not using SO_EXCLUSIVEADDR means the denial-of-service still works? Stefan
