[4493] in bugtraq
UNIX domain socket (Solarisx86 2.5)
daemon@ATHENA.MIT.EDU (Thamer Al-Herbish)
Sat May 17 13:34:01 1997
Date: Sat, 17 May 1997 11:43:47 +0000
Reply-To: shadows@whitefang.com
From: Thamer Al-Herbish <shadows@WHITEFANG.COM>
To: BUGTRAQ@NETSPACE.ORG
On Solarisx86 2.5 I was able to connect to a unix domain socket,
*regardless* of permissions. After posting about it on a solaris usenet
group the only recommendation anyone gave me was to create it in an
unreadable directory. So the attacker would have to guess its name.
Still *anyone* could of connected to that domain socket, and fed my
application bogus data.
I had a look at any applications that use it. I found screen does, but
luckily in its autoconfig it decides to use pipes.
This behaviour is not present on other OSs I tested it on. (mostly BSD
variants).
This was discovered a few months ago with just about all recommended
patches applied. Since then I've moved onto safer pastures.
--
shadows@whitefang.com
shadows@kuwait.net
Thamer Al-Herbish
