[47] in bugtraq

Re: Internet Worm

daemon@ATHENA.MIT.EDU (F. L. Charles Seeger III)
Wed Oct 19 13:58:28 1994

From: seeger@cis.ufl.edu (F. L. Charles Seeger III)
Date: Wed, 19 Oct 1994 11:47:35 -0400
In-Reply-To: jim@Tadpole.COM <9410182157.AA17191@chiba>
To: jim@Tadpole.COM, ccsis@bath.ac.uk
Cc: bugtraq@fc.net

+------ jim@Tadpole.COM wrote (Tue, 18-Oct-94, 16:57 -0500):
| > I think you will find that Sun put a double lookup into
| > gethostbyaddr(), to prevent spoofing. This of course goes against
| > the Unix spirit of 'do one thing only, but do it well'. This double
| > lookup can be enabled with the resolv+ library by using the
| > 'nospoof' command in its configuration file.
| 
| I think that you will find that you are wrong, and the reverse lookup
| actually happens in ypserv, specifically in the part that looks up
| addresses via the DNS, not the routine in libc.  If you still think
| I'm wrong, I invite you to disassemble gethostent.o from libc.a and
| take a look for anything that might be code that does a reverse lookup.

No, the previous poster, Icarus Sparry <ccsis@bath.ac.uk>, is correct,
though there appears to be a little confusion over where these changes
actually reside.

+------ jim@Tadpole.COM wrote (Tue, 18-Oct-94, 13:57 -0500):
| Sun (at least in SunOS 4) didn't do any "mucking about" with
| libresolv and YP in libc.  ypserv(e) is responsible for
| consulting the DNS, if the NIS maps (host.byname/byaddr) are
| set up with a special key/value pair.

There is no libresolv in libc as delivered off Sun's distribution media.
Sun did "muck about" with libresolv, and Sun did provide instructions on
placing these same routines in the shared version of libc.

The YP calls either are no different than reading the host table,
where the forward and reverse lookups are guaranteed to match
(short of a significant YP failure).  So, this is a degenerate case
of no interest.

When ypserv does DNS lookups on behalf of its clients with the -b hack,
it is using libresolv, so this case also involves Sun's mucking.

QED.

Regards,
Chuck
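
The "double lookup" this thread argues about (reverse lookup, then a forward lookup of the returned name to confirm it), sketched as an added example; it is not part of the original message and is not Sun's or resolv+'s code. The record tables, names and addresses are constructed and stand in for DNS, and checked_lookup() and its status codes are hypothetical names.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed records standing in for DNS; no network is used. */
struct rec { const char *key, *val; };
static const struct rec PTR[] = {              /* address -> name */
    { "192.0.2.10",   "trusted.example.com" }, /* honest reverse zone */
    { "198.51.100.7", "trusted.example.com" }, /* reverse zone claims a name it does not own */
    { "203.0.113.5",  "orphan.example.net"  }, /* name has no forward record */
};
static const struct rec A[] = {                /* name -> address */
    { "trusted.example.com", "192.0.2.10" },
    { "trusted.example.com", "192.0.2.11" },
};
#define COUNT(t) (sizeof(t) / sizeof((t)[0]))

enum fcr { FCR_OK, FCR_NO_PTR, FCR_MISMATCH };

/* Reverse lookup, then forward lookup of the returned name; accept the
 * name only if one of its forward addresses equals the peer address.
 * Addresses are compared as text here (assumption: canonical dotted quads). */
enum fcr checked_lookup(const char *addr, const char **name_out)
{
    const char *name = NULL;
    *name_out = NULL;
    for (size_t i = 0; i < COUNT(PTR); i++)
        if (strcmp(PTR[i].key, addr) == 0) { name = PTR[i].val; break; }
    if (name == NULL)
        return FCR_NO_PTR;
    for (size_t i = 0; i < COUNT(A); i++)      /* hostnames are case-insensitive */
        if (strcasecmp(A[i].key, name) == 0 && strcmp(A[i].val, addr) == 0) {
            *name_out = name;
            return FCR_OK;
        }
    return FCR_MISMATCH;                       /* never hand back the unverified name */
}

int main(void)
{
    const char *peers[] = { "192.0.2.10", "198.51.100.7", "203.0.113.5", "192.0.2.99" };
    for (size_t i = 0; i < COUNT(peers); i++) {
        const char *name;
        enum fcr r = checked_lookup(peers[i], &name);
        printf("%-13s %s\n", peers[i], r == FCR_OK ? name :
               r == FCR_NO_PTR ? "(no PTR record)" : "(PTR/A mismatch, rejected)");
    }
    return 0;
}
```

A caller that makes name-based trust decisions should treat FCR_MISMATCH as "no name" and fall back to the raw address, since the PTR answer comes from whoever controls the reverse zone for that address.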

