> From: "Anthony C. Zboralski" <anthony@SCT.FR>
> Subject: Re: [SNI-14]: Solaris rpcbind vulnerability
> Date: Thu, 5 Jun 1997 05:13:07 +0200
>
> NOTE: Please don't send mail asking for strobe and lsof.
> Pristine sources at:
> ftp.suburbia:/pub/strobe*
> vic.cc.purdue.edu:/pub/tools/unix/lsof (list open files)
OH, thanks :-) I did not have strobe yet (NOT SARCASTIC!)
> Ok i checked from a remote location, a dear solaris 2.5.1 i have access
> to and there isn't one but 6 ports being listened:
...
> It looks sexy but i'll let someone else investigate 'cause i am not taking
> any more solaris shit today.. it is 4:47 am.
Just an Idea:
I did read a document saying there will be a new (so far totally
undocumented) feature named 'door' (sounds interesting ;-).
I've seen it already used in NIS+ and other name-services.
I found it by going through my (old) Solaris2.4, may be it's a regular
'feature' of Solaris >= 2.5, and I seem to remember it was created to
overcome the 'sluggishnesses' of RPC for the name- and table- services.
As I said above, I did NOT investigate, I only 'truss'ed programs, and
found most of them which use sockets seem to also use 'door's.
(And since then I always wondered which new bugs will be now in this new
security-by-obscurity(only)-'feature').
Sincerely your's, Stucki
Christoph von Stuckrad * * | talk to | <stucki@math.fu-berlin.de> \
Freie Universitaet Berlin |/_* | nickname | ...!unido!fub!leibniz!stucki|
Fachbereich Mathematik, EDV |\ * | 'stucki' | Tel:+49 30 838-7545{9|8} |
Arnimallee 2-6/14195 Berlin * * | on IRC | Fax:+49 30 838-5913 /