Bugtraq mailing list archives
UNIX domain socket (Solarisx86 2.5)
From: shadows () whitefang com (Thamer Al-Herbish)
Date: Sat, 17 May 1997 11:43:47 +0000
On Solarisx86 2.5 I was able to connect to a unix domain socket, *regardless* of permissions. After posting about it on a solaris usenet group the only recommendation anyone gave me was to create it in an unreadable directory. So the attacker would have to guess its name. Still *anyone* could of connected to that domain socket, and fed my application bogus data. I had a look at any applications that use it. I found screen does, but luckily in its autoconfig it decides to use pipes. This behaviour is not present on other OSs I tested it on. (mostly BSD variants). This was discovered a few months ago with just about all recommended patches applied. Since then I've moved onto safer pastures. -- shadows () whitefang com shadows () kuwait net Thamer Al-Herbish
Current thread:
- UNIX domain socket (Solarisx86 2.5) Thamer Al-Herbish (May 17)
- Re: UNIX domain socket (Solarisx86 2.5) Joel Murphy (May 20)
- Re: UNIX domain socket (Solarisx86 2.5) Casper Dik (May 21)
- Re: UNIX domain socket (Solarisx86 2.5) Vic Abell (May 21)
- Re: UNIX domain socket (Solarisx86 2.5) Alan Cox (May 21)
- CERT Advisory CA-97.14 - Vulnerability in metamail Aleph One (May 21)
- TrueBasic/Mac Bug Xservo (May 21)
- Re: UNIX domain socket (Solarisx86 2.5) Casper Dik (May 21)
- <Possible follow-ups>
- Re: UNIX domain socket (Solarisx86 2.5) Charles M. Hannum (May 21)
- Re: UNIX domain socket (Solarisx86 2.5) Joel Murphy (May 20)