UNIX domain socket (Solarisx86 2.5)

Thamer Al-Herbish (shadows@whitefang.com)
Sat, 17 May 1997 11:43:47 +0000

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Kari E. Hurtta: "Re: Vulnerability in Elm-ME+"
Previous message: Aaron Spangler: "Re: NT4.0 SP3 Still vulnerable"
Next in thread: Joel Murphy: "Re: UNIX domain socket (Solarisx86 2.5)"

On Solarisx86 2.5 I was able to connect to a unix domain socket,
*regardless* of permissions. After posting about it on a solaris usenet
group the only recommendation anyone gave me was to create it in an
unreadable directory. So the attacker would have to guess its name.
Still *anyone* could of connected to that domain socket, and fed my
application bogus data.

I had a look at any applications that use it. I found screen does, but
luckily in its autoconfig it decides to use pipes.

This behaviour is not present on other OSs I tested it on. (mostly BSD
variants).

This was discovered a few months ago with just about all recommended
patches applied. Since then I've moved onto safer pastures.

--
shadows@whitefang.com
shadows@kuwait.net
Thamer Al-Herbish

Next message: Kari E. Hurtta: "Re: Vulnerability in Elm-ME+"
Previous message: Aaron Spangler: "Re: NT4.0 SP3 Still vulnerable"
Next in thread: Joel Murphy: "Re: UNIX domain socket (Solarisx86 2.5)"