Bugtraq mailing list archives
Re: SunOS loses with sending broadcast packets.
From: Mark.Graff () Corp Sun COM ( Mark Graff )
Date: Mon, 7 Nov 1994 12:27:57 -0800
To answer Perry's question, Yes, several people from Sun monitor this list. I'm one. As I have commented here before, though, I get messages from this list out of chronological sequence and (sometimes) days after they have been posted, so I haven't seen enough of this thread to understand the bug and don't know whether or not it's been reported.

In my view posting a note to this mailing list does not constitute reporting the bug to Sun, by the way, although some people have argued to me that it does. In any event if somebody will mail me a precise description I will make sure the bug gets into the system.

I believe the two best ways to report security bugs to Sun are to use (1) the Answer Centers and (2) the security-alert () sun com mail alias, which I monitor.

Let me add also that I'd prefer that folks contact me to arrange for encryption or other protection before sending precise details of new security problems to me via e-mail.

Mark G. Graff
Sun Security Coordinator
MS MPK2-04
2550 Garcia Avenue
Mountain View, CA 94043-1100
Phone: 415-688-9151
Fax: 415-688-9101
Email: mark.graff () Sun COM

From bugtraq-owner () fc net Sun Nov 6 09:26:07 1994
To: bugtraq () fc net
Subject: Re: SunOS loses with sending broadcast packets.
X-Reposting-Policy: redistribute only with permission
Date: Sun, 06 Nov 1994 11:55:06 -0500
Precedence: bulk

Darren Reed says:
> In SunOS 4.1.x, the following 4 lines seem to be missing from ip_output():
>
>         if ((flags & IP_ALLOWBROADCAST) == 0) {
>                 error = EACCES;
>                 goto bad;
>         }
>
> (in ip_output.c). They're there in 4.3, 4.4...
>
> My educated guess is that they did this so that RPC would work (programs such as "rusers" don't appear to do a setsockopt to toggle SO_BROADCAST) rather than fix the RPC library (clnt_broadcast doesn't set this option in the RPC library I have).
How utterly bogus. If true, this means that yet again, a vendor has managed to cause a nasty security problem for the sake of laziness. Certainly that code is missing and shouldn't be.
> (I'm scared to think what else I've broken!).
yp/NIS is the only major subsystem I can think of that depends on broadcast, so that might be it.
> p.s. has anyone reported this as a bug to Sun or know if Sun plan on doing anything about this problem?
Dunno, but someone should. Anyone from Sun monitoring this mailing list?

Perry
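The check Darren Reed describes, modelled in user space as an added example that is not part of the original thread and is not SunOS or BSD kernel source. It shows why a caller that never sets SO_BROADCAST (as he reports for clnt_broadcast) is refused when the check is present and goes through when it is missing. The `model_*` names, the flag value, the sample interface and the assumption that the check applies only to broadcast destinations are constructed for this illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define IP_ALLOWBROADCAST 0x1   /* constructed value for this model */

/* Hypothetical outgoing interface, host byte order. */
struct model_if { uint32_t addr, netmask; };
/* Constructed sample: 192.168.10.5 with netmask 255.255.255.0 */
static const struct model_if sample_if = { 0xC0A80A05u, 0xFFFFFF00u };

/* 1 if dst is the limited or the interface's directed broadcast address. */
static int model_in_broadcast(uint32_t dst, const struct model_if *ifp)
{
    uint32_t directed = (ifp->addr & ifp->netmask) | ~ifp->netmask;
    return dst == 0xFFFFFFFFu || dst == directed;
}

/* Output path model. enforce=1 keeps the check quoted in the thread,
 * enforce=0 models an ip_output() without it. Returns 0 or an errno.
 * Assumption: the check is applied only to broadcast destinations. */
int model_ip_output(uint32_t dst, const struct model_if *ifp,
                    int flags, int enforce)
{
    int error = 0;
    if (enforce && model_in_broadcast(dst, ifp) &&
        (flags & IP_ALLOWBROADCAST) == 0) {
        error = EACCES;
        goto bad;
    }
    /* the packet would be handed to the interface here */
bad:
    return error;
}

/* Socket layer model: the caller's SO_BROADCAST choice becomes the
 * IP_ALLOWBROADCAST flag passed to the output routine. */
int model_send(uint32_t dst, int so_broadcast, int enforce)
{
    int flags = so_broadcast ? IP_ALLOWBROADCAST : 0;
    return model_ip_output(dst, &sample_if, flags, enforce);
}

int main(void)
{
    uint32_t bcast = 0xC0A80AFFu;   /* 192.168.10.255, constructed */
    printf("no SO_BROADCAST, check present: %d\n", model_send(bcast, 0, 1));
    printf("no SO_BROADCAST, check missing: %d\n", model_send(bcast, 0, 0));
    return 0;
}
```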
Current thread:
- SunOS loses with sending broadcast packets. Darren Reed (Nov 06)
- Re: SunOS loses with sending broadcast packets. Perry E. Metzger (Nov 06)
- Re: SunOS loses with sending broadcast packets. Rens Troost (Nov 06)
- <Possible follow-ups>
- Re: SunOS loses with sending broadcast packets. Mark Graff (Nov 07)
- Re: SunOS loses with sending broadcast packets. Perry E. Metzger (Nov 06)