[31] in bugtraq
Re: Internet Worm
daemon@ATHENA.MIT.EDU (Icarus Sparry)
Tue Oct 18 18:10:35 1994
To: jim@Tadpole.COM
Cc: bugtraq@fc.net
In-Reply-To: Your message of "Tue, 18 Oct 1994 13:57:56 CDT." <9410181857.AA16440@chiba>
Date: Tue, 18 Oct 1994 21:23:59 +0100
From: Icarus Sparry <ccsis@bath.ac.uk>
>Sun (at least in SunOS 4) didn't do any "mucking about" with
>libresolv and YP in libc.
>The resolv+ package shows exactly how to replace routines in
>the libc.so/sa files such that the gethostbyname()/gethostbyaddr()
>lookups happen via the DNS (or NIS, or just the /etc/host file, it
>depends on how you configure things).
>Jim

I think you will find that Sun put a double lookup into
gethostbyaddr(), to prevent spoofing. This of course goes against
the Unix spirit of 'do one thing only, but do it well'. This double
lookup can be enabled with the resolv+ library by using the
'nospoof' command in its configuration file.

You can argue that you want this always, but if so you should write
a 'getvalidatedhostbyaddr()' routine on top of gethostbyaddr(), and
not corrupt the original routine. Programs like rlogind & rshd
should then call this new routine.
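
The double lookup described in the message above, sketched as an added example that is not part of the original post and not Sun's or resolv+'s code. The signature of getvalidatedhostbyaddr(), the helper addr_in_hostent() and the sample addresses are assumptions made for illustration; the wrapper is IPv4-only because gethostbyname() is.

```c
#include <netdb.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>

#define MAXNAME 1025   /* assumed upper bound for a host name plus NUL */

/* Return 1 if addr (len bytes, family type) is listed in he, else 0. */
int addr_in_hostent(const struct hostent *he, const void *addr,
                    int len, int type)
{
    char **p;

    if (he == NULL || he->h_addrtype != type || he->h_length != len)
        return 0;
    for (p = he->h_addr_list; p != NULL && *p != NULL; p++)
        if (memcmp(*p, addr, (size_t)len) == 0)
            return 1;
    return 0;
}

/*
 * Hypothetical wrapper: reverse lookup, then a forward lookup of the
 * returned name, accepted only if the forward answer contains the
 * original address. Returns the forward entry (static storage, as with
 * gethostbyname()) or NULL when the name cannot be confirmed.
 */
struct hostent *getvalidatedhostbyaddr(const void *addr, socklen_t len,
                                       int type)
{
    char name[MAXNAME];
    struct hostent *he = gethostbyaddr(addr, len, type);

    if (he == NULL || he->h_name == NULL ||
        strlen(he->h_name) >= sizeof(name))
        return NULL;
    /* Copy the name: the next resolver call may reuse the static buffer. */
    strcpy(name, he->h_name);

    he = gethostbyname(name);
    return addr_in_hostent(he, addr, (int)len, type) ? he : NULL;
}

int main(void)
{
    struct in_addr peer;
    peer.s_addr = htonl(0x7F000001);   /* constructed sample: 127.0.0.1 */
    return getvalidatedhostbyaddr(&peer, sizeof(peer), AF_INET) ? 0 : 1;
}
```

A caller that authenticates by host name would treat a NULL return as "name unknown" and fall back to the numeric address.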