[prev in list] [next in list] [prev in thread] [next in thread] 

List:       best-of-security
Subject:    BoS: OS/2 Warp TCP/IP misfeature
From:       Julian Assange <proff () suburbia ! net>
Date:       1996-04-16 12:56:03
[Download RAW message or body]


[ I was recently reminded of this one by a thread in a newsgroup I frequent ]

It seems that in the OS/2 (2.1 and Warp) TCP/IP stack socket descriptors are
system-wide.  That is, they aren't per-process file descriptors, so if you
can discover the number of some other process's socket (and netstat -s will
helpfully list all the open sockets on the system) you can send(), recv(),
shutdown() or do many other fun things with it.

Risks include the fact that anyone with telnet access to the machine (and
OS/2 telnet security is a risk in itself) can write a program to subvert any
TCP/IP server running on it.

A shame, because otherwise it's one of the better non-Unix implementations
of the BSD socket API.

Pete

[prev in list] [next in list] [prev in thread] [next in thread]