Bugtraq mailing list archives
Re: UNIX domain socket (Solarisx86 2.5)
From: jmurphy () CNU ACSU BUFFALO EDU (Joel Murphy)
Date: Tue, 20 May 1997 14:58:36 -0400
On Solarisx86 2.5 I was able to connect to a unix domain socket, *regardless* of permissions. After posting about it on a solaris usenet group the only recommendation anyone gave me was to create it in an unreadable directory. So the attacker would have to guess its name. Still *anyone* could of connected to that domain socket, and fed my application bogus data.
same with sparc. Solaris uses a loopback device (/dev/ticotsord) and streams for emulating unix domain sockets. recently, I've been trying to write some code that would give me the user id of the person at the other end of a unix socket or tli connection, but I haven't had much luck. The only way I think I could to this would be to poke around in the kernel structures for the tl device, which I really don't want to do. The undocumented door calls seem to provide authentication information, but that would be a worse. Oh, well. Anyone have any ideas? There might even be a way around the directory permissions. I don't know if the tl device is looking at the file, or the socket emulation code in the client is trying to be clever. Joel Murphy
Current thread:
- UNIX domain socket (Solarisx86 2.5) Thamer Al-Herbish (May 17)
- Re: UNIX domain socket (Solarisx86 2.5) Joel Murphy (May 20)
- Re: UNIX domain socket (Solarisx86 2.5) Casper Dik (May 21)
- Re: UNIX domain socket (Solarisx86 2.5) Vic Abell (May 21)
- Re: UNIX domain socket (Solarisx86 2.5) Alan Cox (May 21)
- CERT Advisory CA-97.14 - Vulnerability in metamail Aleph One (May 21)
- TrueBasic/Mac Bug Xservo (May 21)
- Re: UNIX domain socket (Solarisx86 2.5) Casper Dik (May 21)
- <Possible follow-ups>
- Re: UNIX domain socket (Solarisx86 2.5) Charles M. Hannum (May 21)
- Re: UNIX domain socket (Solarisx86 2.5) Joel Murphy (May 20)