Bugtraq mailing list archives

UNIX domain socket (Solarisx86 2.5)


From: shadows () whitefang com (Thamer Al-Herbish)
Date: Sat, 17 May 1997 11:43:47 +0000


On Solarisx86 2.5 I was able to connect to a unix domain socket,
*regardless* of permissions. After posting about it on a solaris usenet
group the only recommendation anyone gave me was to create it in an
unreadable directory. So the attacker would have to guess its name.
Still *anyone* could have connected to that domain socket, and fed my
application bogus data.

I had a look at any applications that use it. I found screen does, but
luckily in its autoconfig it decides to use pipes.

This behaviour is not present on other OSs I tested it on. (mostly BSD
variants).

This was discovered a few months ago with just about all recommended
patches applied. Since then I've moved onto safer pastures.

--
shadows () whitefang com
shadows () kuwait net
Thamer Al-Herbish


