[52] in bugtraq
Re: Internet Worm
daemon@ATHENA.MIT.EDU (F. L. Charles Seeger III)
Thu Oct 20 12:25:57 1994
From: seeger@cis.ufl.edu (F. L. Charles Seeger III)
Date: Thu, 20 Oct 1994 09:50:44 -0400
In-Reply-To: <jim@Tadpole.COM> <9410191607.AA02963@chiba>
To: <jim@Tadpole.COM>
Cc: ccsis@bath.ac.uk, bugtraq@crimelab.com
+------ <jim@Tadpole.COM> wrote (Wed, 19-Oct-94, 11:07 -0500):
| > When ypserv doesn dns lookups on behalf of its clients with the -b hack,
| > it is using libresolv, so this case also involves Sun's mucking.
|
| Ok, I've always been speaking about libc(shared or not) here,
| and at least two of you are now speaking about libresolv.a.
So were/are you, but you don't seem to know/acknowledge it.
This entire thread began with your statement:
+------ <jim@Tadpole.COM> wrote (Tue, 18-Oct-94 13:57 -0500):
| Sun (at least in SunOS 4) didn't do any "mucking about" with
| libresolv and YP in libc.
| Was I confused, or did someone change the subject?
The answer should be obvious given your quote as evidence. My eyes
indicate that you referred to libresolv. Maybe it was forged mail.
| Yes, the gethostbyaddr() call in libresolv has the reverse lookup.
| No, its done in a different place inside ypserv. ypserv has its
| own, special version of the resolver library, and does:
|
| if (!found_addr) { /* weve been spoofed */
| syslog(LOG_CRIT, "nres_gethostbyaddr: %s != %s",
| temp->name, inet_ntoa(temp->theaddr));
| theans = NULL;
| temp->h_errno = HOST_NOT_FOUND;
| }
|
| in nres_dorecv().
Sigh.
Yes, ypserv has a partially separate resolver implementation.
And, thank-you, Jim, for including evidence that this special
implementation also includes Sun's changed semantics of cross
checking the reverse look-up with a forward lookup. I must confess
that I've never looked closely at this code, since I have never
made use of it (except for that time 5 or 6 years ago when
evaluating some HP gear running HP/UX 6.something that didn't
have DNS resolver routines). However, I tenatively believe that
it implements behavior similar to Sun's libresolv, but don't
really care enough about it to delve any further into it. The
'-b hack' is a dead end. Fini.
N.B. ypserv is linked with libresolv, but the fundamental resolver
routines are reimplemented to be asynchronous.
So, every indication is that the statement 'Sun (at least in SunOS 4)
didn't do any "mucking about" with libresolv and YP in libc' is false.
Any Sun admin worth his/her salt over the past 4 or 5 years already
knows this. My intent in this thread was not to leave unchallenged
false statements made in front of those possibly unfamiliar with
Sun idiosyncrasies. I consider that intent accomplished and plan
to waste no more time or bugtraq bandwidth on this subject.
Cheers,
Chuck
