Bugtraq mailing list archives

Re: UNIX domain socket (Solarisx86 2.5)


From: jmurphy () CNU ACSU BUFFALO EDU (Joel Murphy)
Date: Tue, 20 May 1997 14:58:36 -0400



On Solarisx86 2.5 I was able to connect to a unix domain socket,
*regardless* of permissions. After posting about it on a solaris usenet
group the only recommendation anyone gave me was to create it in an
unreadable directory. So the attacker would have to guess its name.
Still *anyone* could have connected to that domain socket, and fed my
application bogus data.

Same with SPARC.  Solaris uses a loopback device (/dev/ticotsord) and
streams for emulating unix domain sockets.

Recently, I've been trying to write some code that would give me the
user id of the person at the other end of a unix socket or tli
connection, but I haven't had much luck.  The only way I think I could
do this would be to poke around in the kernel structures for the tl
device, which I really don't want to do.  The undocumented door calls
seem to provide authentication information, but that would be worse.
Oh, well.  Anyone have any ideas?

There might even be a way around the directory permissions.  I don't
know if the tl device is looking at the file, or the socket emulation
code in the client is trying to be clever.

Joel Murphy


