fitz@rpi.edu (12/10/90)
Archive-name: fixes/sun-fixes/selection-svc/1990-12-09
Archive: uunet.uu.net:/sun-fixes/selection_svc.tar.Z [192.48.96.2]
Original-posting-by: fitz@rpi.edu
Original-subject: Re: Security problems with rcp portmapper [repost]
Reposted-by: emv@ox.com (Edward Vielmetti)

I would like to make a few observations about the article referred to
above.

1. The "demonstration program" seems not to just demonstrate the
   security hole. It actually seems to attempt to delete rpc services
   on remote machines. It appears that this program does not create any
   permanent problems, but I'd like someone else to post their opinion.
   It does not do anything to the control file /etc/rpc, as far as I
   can tell.

2. If someone does this to you, you can get your services back by
   doing, as root, "kill -HUP <pid>", where <pid> is the process id of
   inetd. Rebooting also gets the services back.

3. It is possible, but I am not sure about this, that in addition to
   machines running SunOS4.1, some SunOS4.0.3 machines may be
   protected. Perhaps installing the selection_svc patch does this.
   Someone else can confirm or contradict me. Just in case, I'll point
   out here that the selection_svc patch is available by anonymous ftp
   from uunet.uu.net in /sun-fixes as selection_svc.tar.Z, or call
   1-800-USA-4SUN, and ask for patch number: 100085-01.

4. If my first point is correct, then in my humble opinion, it might be
   better for the wizards out there to point out these bugs without
   actually providing a program that can be used to exploit them. Maybe
   some people plan to upgrade to 4.1, but not Right Now. For myself,
   I'd prefer to schedule my upgrades in a non-reactive way, when I
   can.

5. Just because I can't get on the "outer circle" security list of Neil
   Gorsuch doesn't mean I think that it is desirable for the "core"
   information to become widely known so quickly.

Brian Fitzgerald