Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Internet Worm

From: ccsis () bath ac uk (Icarus Sparry)
Date: Tue, 18 Oct 1994 21:23:59 +0100


Sun (at least in SunOS 4) didn't do any "mucking about" with
libresolv and YP in libc.



The resolv+ package shows exactly how to replace routines in
the libc.so/sa files such that the gethostbyname()/gethostbyaddr()
lookups happen via the DNS (or NIS, or just the /etc/host file, it
depends on how you configure things).



Jim


I think you will find that Sun put a double lookup into
gethostbyaddr(), to prevent spoofing. This of course goes against
the Unix spirit of 'do one thing only, but do it well'. This double
lookup can be enabled with the resolv+ library by using the
'nospoof' command in its configuration file.

You can argue that you want this always, but if so you should write
a 'getvalidatedhostbyaddr()' routine on top of gethostbyaddr(), and
not corrupt the original routine. Programs like rlogind & rshd
should then call this new routine.
Previous By Date Next
Previous By Thread Next

Current thread: