[391] in Best-of-Security


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

BoS: Solaris 2.6 and sockets

daemon@ATHENA.MIT.EDU (Wojciech Tryc)
Sun Oct 12 19:15:31 1997

Old-X-Envelope-From: wojtek@tryc.on.ca  Sat Oct  4 11:54:52 1997
Date: Fri, 03 Oct 1997 21:55:27 -0400
From: wojtek@tryc.on.ca (Wojciech Tryc)
Cc: best-of-security@cyber.com.au, mysql@tcx.se
Old-X-Originally-To: To: BUGTRAQ@NETSPACE.ORG
Old-X-Originated-From: From: wojtek@tryc.on.ca (Wojciech Tryc)
Errors-To: best-of-security-request@cyber.com.au
To: best-of-security@cyber.com.au
Resent-From: best-of-security@cyber.com.au


I have noticed strange things happening under Solaris 2.6 (final release)
Any Unix socket created by ANY application has permissions 4777!!!!
ie: srwxrwxrwx 1 root root	0 Oct	3 21:22 mysql.sock
Check out your /tmp directory :)

Here is a sample code (by Nirva):

#include <stdio.h>
#include <stdlib.h>
#include <sys/un.h>
#include <sys/socket.h>

main(int argc, char *argv[])
{
    struct sockaddr_un addr;
    int s;

    s = socket(AF_UNIX, SOCK_STREAM, 0);

    bzero(&addr, sizeof(addr));
    addr.sun_family = AF_UNIX;
    strcpy(addr.sun_path, "/tmp/yoursocket");
    if (bind(s, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
        perror("bind");
        exit(1);
    }
    sleep(100);

    exit(0);
}


Wojciech Tryc
-----------------------------------------------------
"There is nothing more permanent
than a temporary solution..."
-----------------------------------------------------
wojtek@tryc.on.ca wojtek@trytel.com
virterm@infreno.tusculum.edu virterm@nether.net
wojciech.tryc@kanatek.ca wojtek@fos.net
wojtek@biodome.org http://www.tryc.on.ca
-----------------------------------------------------


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[391] in Best-of-Security

BoS: Solaris 2.6 and sockets

daemon@ATHENA.MIT.EDU (Wojciech Tryc)Sun Oct 12 19:15:31 1997

daemon@ATHENA.MIT.EDU (Wojciech Tryc)
Sun Oct 12 19:15:31 1997