[162] in linux-security and linux-alert archive
XDM creates "floating" socket?
daemon@ATHENA.MIT.EDU (alex)
Tue Mar 14 06:18:35 1995
Date: Mon, 13 Mar 1995 19:42:43 -0500 (EST)
From: alex <alex@bach.cis.temple.edu>
To: Linux Security Mailing List <linux-security@tarsier.cv.nrao.edu>
[mod: I suspect that this port is opened by the Chooser, but I'm not sure.
I'd prefer if you mailed your responses to Alex directly. Alex, can
you post a summary of the responses you get? --okir]
Hi,
Okay, here's the deal: whenever I start XDM, it starts
listening at :6000. In addition to that, another socket gets created with
a pretty random number (usually in the 1030-1300 range). If one telnets to
that socket, it allows the remote site to issue some kind of commands (the
only one I could check was "quit", which terminated the connection). While
the connection is established, it looks like XDM (or whatever is doing
that) performs fork() and continues to listen to the socket. Whenever the
"quit" command is given, the original socket gets closed and a socket
with a new number re-opens.
Now, I can't find any pattern: some Linux boxes here on campus
are known to have this feature, some aren't. Some Suns running X11R6 do
it, some don't ;-) So it is kinda funny... I could not find any
information about these floating sockets. First when I found that Suns
have this too, I thought that in that case everything is okay, but some
recent events with Suns in the labs aren't making me happy
(/etc/ifconfig "forgets" to show promisc mode flag when *I* put the
card in the promisc. mode).
Best wishes,
Alex
BTW, don't "play" with these systems, don't: we kinda lost
all sense of humor.
=============================================================================
CIS Laboratories email: alex@bach.cis.temple.edu
TEMPLE UNIVERSITY ayuriev@yoda.cis.temple.edu
USA Tel: 1-800-DEV-NULL
=============================================================================
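
An added example, not part of the original post or the archive: one way to check a Linux host for the kind of extra listener described above is to list LISTEN sockets from `/proc/net/tcp`, compare them with the ports you expect, and map the socket inode back to every process holding it (a forking daemon will show more than one). The sample table, the expected-port set and the function names are constructed for illustration, and little-endian (x86) address encoding is assumed.

```python
import os
import socket
import struct

# Constructed sample in Linux /proc/net/tcp format (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 2201 1
   1: 00000000:0417 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 2207 1
   2: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1893 1
   3: 0A01A8C0:0417 0B01A8C0:8F3C 01 00000000:00000000 00:00000000 00000000     0        0 2310 1
"""

TCP_LISTEN = 0x0A  # value of the "st" column for a listening socket

def parse_listeners(text):
    """Return one dict per LISTEN row: ip, port, uid, inode."""
    out = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) < 10 or int(f[3], 16) != TCP_LISTEN:
            continue
        ip_hex, port_hex = f[1].split(":")
        # Address is a native-endian 32-bit word in hex; little-endian assumed here.
        ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
        out.append({"ip": ip, "port": int(port_hex, 16), "uid": int(f[7]), "inode": int(f[9])})
    return out

def unexpected_listeners(text, expected_ports):
    """Listeners whose port is not in the set the administrator expects."""
    return [l for l in parse_listeners(text) if l["port"] not in expected_ports]

def owners_of_inode(inode, proc_root="/proc"):
    """PIDs that hold the socket with this inode open (needs root to see other users)."""
    target = "socket:[%d]" % inode
    pids = []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            links = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
        except OSError:  # process exited mid-scan or is not readable; skip it
            continue
        if target in links:
            pids.append(int(pid))
    return sorted(pids)

if __name__ == "__main__":
    for l in unexpected_listeners(SAMPLE, {6000, 25}):
        print(l)
```

On a live host, pass the contents of `/proc/net/tcp` instead of `SAMPLE` and call `owners_of_inode()` on each flagged inode to see which process owns the listener.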