Hello listmembers, is it possible for a remote cracker to misuse unix domain sockets? i know the dangers of open tcp or udp ports, but what about these sockets? can anyone tell me more about this topic? thank you in advance, Thomas Reitelbach
Hello Thomas Reitelbach -677! On Tue, Jan 23, 2001 at 09:43:33AM +0100, Thomas Reitelbach -677 wrote:
is it possible for a remote cracker to misuse unix domain sockets? i know the dangers of open tcp or udp ports, but what about these sockets? can anyone tell me more about this topic?
The "dangers" of open ports are the weaknesses of the programs listening on those ports. This applies to any kind of socket. Nevertheless the unix domain is a local domain so there should be no way to exploit any weaknesses without having local access to the machine. Regards Johannes
On Tue, 23 Jan 2001, Thomas Reitelbach -677 wrote: hi, UNIX sockets are local sockets. Only local programs can attach it. However this is sometoimes bad enough, i.e. when you send credentials to the socket and you don't know who is listening :) Sebastian
Hello listmembers,
is it possible for a remote cracker to misuse unix domain sockets? i know the dangers of open tcp or udp ports, but what about these sockets? can anyone tell me more about this topic?
thank you in advance, Thomas Reitelbach
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
all open ports are a possible security risk. Think about it, if you close all the doors to your hours and bolt them, no one can come in, but if you leave some doors open, especially doors you don't use, people will be able to sneak in. michael On Tue, 23 Jan 2001, Thomas Reitelbach -677 wrote:
Hello listmembers,
is it possible for a remote cracker to misuse unix domain sockets? i know the dangers of open tcp or udp ports, but what about these sockets? can anyone tell me more about this topic?
thank you in advance, Thomas Reitelbach
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
participants (4)
-
Johannes Geiger
-
Michael Chletsos
-
Sebastian Krahmer
-
Thomas Reitelbach -677