Oops... For all of you that had trouble compiling the source.. I have a patch.

I agree that what I said can be thought of as security through obscurity.. However.. I never claimed that it would secure anything. Let me try to explain...

A cracker is trying to exploit your vulnerable version of named. In order to do this successfully, the attacker must know what version you are running. Not only that, but they must also know what OS you run, and how you ran named (at boot/from login shell).

If the cracker can't get all that information, then they are most likely going to crash named. If the administrator of the machine that is being attacked looks into why named crashed, they will find a core file. To most admins, this seems harmless enough.. we complain about poorly written software and restart named. In order for the attacker to guess the required information by trying the exploit, this process would have to be repeated several times by both parties. By the second or third time, most admins would assume named is broken and try to upgrade it. At that point, the hole gets plugged.

On the other hand, if the attacker can get the required information, then a breach will be successful on the first try. This is also the case with other daemons that don't fork() for client interaction.

Security through obscurity doesn't work, nor will it ever. Think about it though, every little bit helps. Why help any malicious people gain unauthorized administrator level access to your machines?

Joshua James Drake
jdrakeat_private
http://www.pulsar.net/~jdrake/

|--- patch begins here, filename: bi-patch --- *** binfo-udp.c.old Wed Jun 10 17:10:24 1998 --- binfo-udp.c Wed Jun 10 17:21:20 1998 *************** *** 21,27 **** #include <time.h> #include <string.h> #include <ctype.h> ! #include <sys/errno.h> /* network type includes */ #include <sys/types.h> #include <sys/socket.h> --- 21,27 ---- #include <time.h> #include <string.h> #include <ctype.h> ! 
#include <errno.h> /* network type includes */ #include <sys/types.h> #include <sys/socket.h> *************** *** 89,95 **** memcpy(&ra->sin_addr.s_addr, he->h_addr, 4); return 1; } ! herror("Unable to resolve hostname"); return 0; } --- 89,95 ---- memcpy(&ra->sin_addr.s_addr, he->h_addr, 4); return 1; } ! fprintf(stderr, "Unable to resolve hostname: %s\n", hn); return 0; } *************** *** 161,167 **** --- 161,169 ---- #ifdef DEBUG printf("write() success\n"); #endif + #ifndef __sun__ siginterrupt(SIGALRM, 1); + #endif signal(SIGALRM, handle_alarm); alarm(3); pktlen = read(sd, pkt, pktl); |--- end of patch ---
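Review bot: in the second hunk (binfo-udp.c line 92), replacing herror() with a plain fprintf() drops the resolver's failure reason, so a mistyped hostname and a temporary lookup failure now print the same message. If herror() is the portability problem, keep the cause by printing h_errno alongside the name, e.g. `fprintf(stderr, "Unable to resolve hostname: %s (h_errno %d)\n", hn, h_errno);`. Passing hn as a %s argument rather than as the format string is the right way to print it.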
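Review bot: in the third hunk, with siginterrupt(SIGALRM, 1) compiled out under __sun__, whether alarm(3) actually breaks the blocking read() depends on what signal() does on that platform, and nothing in the hunk makes that explicit. Installing handle_alarm with sigaction() and leaving SA_RESTART out of sa_flags would give the same interrupting behaviour on every platform and remove the need for the #ifndef. If the conditional stays, note that __sun__ is the gcc spelling; testing __sun as well covers Sun's own compiler, and a one-line comment saying why the call is skipped would help the next reader.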