[189] in bugtraq
Re: SunOS loses with sending broadcast packets.
daemon@ATHENA.MIT.EDU (Mark Graff )
Mon Nov 7 18:05:01 1994
Date: Mon, 7 Nov 1994 12:27:57 -0800
From: Mark.Graff@Corp.Sun.COM ( Mark Graff )
To: bugtraq@fc.net
Cc: Mark.Graff@Corp.Sun.COM
To answer Perry's question, Yes, several people from Sun monitor this
list. I'm one. As I have commented here before, though, I get messages
from this list out of chronological sequence and (sometimes) days after
they have been posted, so I haven't seen enough of this thread to
understand the bug and don't know whether or not it's been reported.
In my view posting a note to this mailing list does not constitute
reporting the bug to Sun, by the way, although some people have argued
to me that it does. In any event if somebody will mail me a precise
description I will make sure the bug gets into the system.
I believe the two best ways to report security bugs to Sun are to use
(1) the Answer Centers and (2) the security-alert@sun.com mail alias,
which I monitor. Let me add also that I'd prefer that folks contact me
to arrange for encryption or other protection before sending precise
details of new security problems to me via e-mail.
/\
\\ \ Mark G. Graff
\ \\ / Sun Security Coordinator
/ \/ / / MS MPK2-04
/ / \//\ 2550 Garcia Avenue
\//\ / / Mountain View, CA 94043-1100
/ / /\ / Phone: 415-688-9151
/ \\ \ Fax: 415-688-9101
\ \\ Email: mark.graff@Sun.COM
\/
From bugtraq-owner@fc.net Sun Nov 6 09:26:07 1994
To: bugtraq@fc.net
Subject: Re: SunOS loses with sending broadcast packets.
X-Reposting-Policy: redistribute only with permission
Date: Sun, 06 Nov 1994 11:55:06 -0500
Precedence: bulk
Darren Reed says:
> In SunOS 4.1.x, the following 4 lines seem to be missing from ip_output():
> if ((flags & IP_ALLOWBROADCAST) == 0) {
> error = EACCES;
> goto bad;
> }
> (in ip_output.c). They're there in 4.3, 4.4...
>
> My educated guess is that they did this so that RPC would work (programs
> such as "rusers" don't appear to do a setsockopt to toggle SO_BROADCAST)
> rather than fix the RPC library (clnt_broadcast doesn't set this option
> in the RPC library I have).
How utterly bogus. If true, this means that yet again, a vendor has
managed to cause a nasty security problem for the sake of
lazyness. Certainly that code is missing and shouldn't be.
> (I'm scared to think what else I've broken!).
yp/NIS is the only major subsystem I can think of that depends on
broadcast, so that might be it.
> p.s. has anyone reported this as a bug to Sun or know if Sun plan on
> doing anything about this problem ?
Dunno, but someone should. Anyone from Sun monitoring this mailing
list?
Perry
