paul@tetrauk.UUCP (Paul Ashton) (10/04/90)
After recalling some discussion on SCO's cpd some time back I thought I'd investigate its behaviour. For those who don't know, cpd is the first network program that is started with SCO (Unix only?) TCP/IP that broadcasts at intervals of 1 minute some or all of the OS serial numbers on UDP port 60000. It also listens to this port for broadcasts from other machines and if it sees any it shuts its networking down. slink, the next one, will not run without cpd existing and will shut down if cpd exits.

I started two kernels up with the same serial no and waited to see what happened. After a minute or so a console message appeared saying "CPD: duplicate serial no" or some such and proceeded to shut down the network interface. However, due to the fact that it did this very abruptly, none of the network daemons were shut down properly and the machine hung. No logins were possible and ps and su didn't work. The other machine befell the same fate due to the fact (I think) that cpd doesn't shut itself down, but keeps broadcasting.

Conclusions:

The possibility of accidentally booting a kernel that has the same serial number as another is very real on a large site, and damage could ensue due to an uncontrolled shutdown.

A huge denial of service hole obviously exists. Anyone on a non-SCO machine can receive a broadcast on port 60000 and re-broadcast the data itself; this requires no privileges.

If you wish to cut down your time installing on new machines it may be desirable to copy existing working/configured/tuned operating systems whole on to the new machines. This is possible with SCO's scheme but entails re-branding things here, there and everywhere (and before rc2 :-))

Please note: My main concerns are for safety, security and ease of use. I am in no way advocating breaking any license agreements.

Any comments?

ps. it's trivial to frig :-)

--
Paul
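Added example, not part of the original post: a passive check a site administrator could run over captured UDP port 60000 traffic to spot the condition described above, where the same broadcast payload arrives from more than one host (an accidental duplicate serial number or a re-broadcast). The cpd payload layout is not given in the post, so payloads are treated as opaque bytes; the record format, addresses and byte strings below are constructed for illustration.

```python
from collections import defaultdict

CPD_PORT = 60000  # UDP port named in the post

# Constructed capture records: (seconds, source IP, destination port, payload).
# Payload bytes are made up; the real cpd message format is an unknown here.
SAMPLE = [
    (0,  "192.0.2.10", 60000, b"SERIAL-A"),
    (5,  "192.0.2.11", 60000, b"SERIAL-B"),
    (60, "192.0.2.10", 60000, b"SERIAL-A"),  # normal one-minute repeat
    (62, "192.0.2.77", 60000, b"SERIAL-B"),  # same payload, different host
    (65, "192.0.2.11", 60000, b"SERIAL-B"),
    (70, "192.0.2.12", 514,   b"SERIAL-A"),  # other port, ignored
]


def find_conflicts(records, port=CPD_PORT):
    """Return {payload: [(first_seen, source), ...]} for every payload that was
    broadcast to `port` by more than one source address.

    Sources are ordered by first appearance, so the first entry is the host
    that announced the payload earliest and later entries are the newcomers.
    UDP source addresses can be forged, so treat the result as a lead to
    check against switch/ARP data, not as proof of which host is at fault.
    """
    first_seen = defaultdict(dict)  # payload -> {source: first timestamp}
    for ts, src, dport, payload in records:
        if dport != port:
            continue
        first_seen[payload].setdefault(src, ts)

    conflicts = {}
    for payload, sources in first_seen.items():
        if len(sources) > 1:
            conflicts[payload] = sorted((ts, src) for src, ts in sources.items())
    return conflicts


def report(conflicts):
    """Format one alert line per conflicting payload."""
    lines = []
    for payload, seen in conflicts.items():
        hosts = ", ".join(f"{src} (first at t={ts}s)" for ts, src in seen)
        lines.append(f"duplicate broadcast {payload!r} from: {hosts}")
    return lines


if __name__ == "__main__":
    for line in report(find_conflicts(SAMPLE)):
        print(line)
```

Run against a real capture, an alert gives the administrator a chance to take the newcomer off the network in a controlled way before the abrupt shutdown described in the post occurs.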