Bugtraq mailing list archives

Re: SunOS loses with sending broadcast packets.


From: Mark.Graff () Corp Sun COM ( Mark Graff )
Date: Mon, 7 Nov 1994 12:27:57 -0800


To answer Perry's question, Yes, several people from Sun monitor this
list. I'm one. As I have commented here before, though, I get messages
from this list out of chronological sequence and (sometimes) days after
they have been posted, so I haven't seen enough of this thread to
understand the bug and don't know whether or not it's been reported.

In my view posting a note to this mailing list does not constitute
reporting the bug to Sun, by the way, although some people have argued
to me that it does. In any event if somebody will mail me a precise
description I will make sure the bug gets into the system.

I believe the two best ways to report security bugs to Sun are to use
(1) the Answer Centers and (2) the security-alert () sun com mail alias,
which I monitor. Let me add also that I'd prefer that folks contact me
to arrange for encryption or other protection before sending precise
details of new security problems to me via e-mail.

      /\         
     \\ \        Mark G. Graff
    \ \\ /       Sun Security Coordinator
   / \/ / /      MS MPK2-04
  / /   \//\     2550 Garcia Avenue
  \//\   / /     Mountain View, CA 94043-1100
   / / /\ /      Phone: 415-688-9151
    / \\ \       Fax:   415-688-9101
     \ \\        Email: mark.graff () Sun COM
      \/
 
 From bugtraq-owner () fc net  Sun Nov  6 09:26:07 1994
 To: bugtraq () fc net
 Subject: Re: SunOS loses with sending broadcast packets. 
 X-Reposting-Policy: redistribute only with permission
 Date: Sun, 06 Nov 1994 11:55:06 -0500
 Precedence: bulk
 
 
 Darren Reed says:
In SunOS 4.1.x, the following 4 lines seem to be missing from ip_output():
                if ((flags & IP_ALLOWBROADCAST) == 0) {
                        error = EACCES;
                        goto bad;
                }
(in ip_output.c).  They're there in 4.3, 4.4...

My educated guess is that they did this so that RPC would work (programs
such as "rusers" don't appear to do a setsockopt to toggle SO_BROADCAST)
rather than fix the RPC library (clnt_broadcast doesn't set this option
in the RPC library I have).
 
 How utterly bogus. If true, this means that yet again, a vendor has
 managed to cause a nasty security problem for the sake of
 laziness. Certainly that code is missing and shouldn't be.
 
(I'm scared to think what else I've broken!).
 
 yp/NIS is the only major subsystem I can think of that depends on
 broadcast, so that might be it.
 
p.s. has anyone reported this as a bug to Sun or know if Sun plan on
     doing anything about this problem ?
 
 Dunno, but someone should. Anyone from Sun monitoring this mailing
 list?
 
 Perry
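
Added example, not part of the original messages and not SunOS or BSD source: a small C probe for the check discussed above, namely whether the local stack returns EACCES for a UDP send to a broadcast address when the socket never set SO_BROADCAST. The function names, the default destination 255.255.255.255 and discard port 9 are assumptions chosen for illustration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum verdict { ENFORCED, NOT_ENFORCED, INCONCLUSIVE };

/* Interpret the result of one sendto() made WITHOUT SO_BROADCAST set. */
enum verdict classify(long rc, int err) {
    if (rc >= 0) return NOT_ENFORCED;    /* datagram accepted: check is absent */
    return err == EACCES ? ENFORCED      /* the error the quoted lines return */
                         : INCONCLUSIVE; /* e.g. ENETUNREACH: no route */
}

/* Send a 1-byte datagram to dst:port; with_opt != 0 sets SO_BROADCAST first.
 * Returns sendto()'s result and stores the failing errno in *err. */
long try_send(const char *dst, int port, int with_opt, int *err) {
    struct sockaddr_in sin;
    int on = 1, s = socket(AF_INET, SOCK_DGRAM, 0);
    long rc = -1;
    *err = 0;
    if (s < 0) { *err = errno; return -1; }
    if (with_opt && setsockopt(s, SOL_SOCKET, SO_BROADCAST, &on, sizeof on) < 0) {
        *err = errno;
    } else {
        memset(&sin, 0, sizeof sin);
        sin.sin_family = AF_INET;
        sin.sin_port = htons((unsigned short)port);
        sin.sin_addr.s_addr = inet_addr(dst);
        rc = sendto(s, "", 1, 0, (struct sockaddr *)&sin, sizeof sin);
        if (rc < 0) *err = errno;
    }
    close(s);
    return rc;
}

int main(int argc, char **argv) {
    static const char *msg[] = { "enforced (EACCES)", "NOT enforced", "inconclusive" };
    const char *dst = argc > 1 ? argv[1] : "255.255.255.255"; /* assumed default */
    int err;
    long rc = try_send(dst, 9, 0, &err);
    printf("without SO_BROADCAST: %s [%s]\n", msg[classify(rc, err)],
           rc < 0 ? strerror(err) : "sent");
    rc = try_send(dst, 9, 1, &err);
    printf("with SO_BROADCAST:    %s\n", rc < 0 ? strerror(err) : "sent");
    return 0;
}
```

An "inconclusive" result means the send failed for a reason other than the broadcast permission check, such as no route to the destination.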
 


