flexlm on HPs requires rw-rw-rw- on /dev/lan0

flexlm on HPs requires rw-rw-rw- on /dev/lan0

Post by Mark Sienkiewi » Sun, 15 May 1994 07:01:39





Quote:

>Thus, to run flexlm, you must chmod 666 /dev/lan0.

>Both companies have told me, in essence, that this is a non-issue.  Am I
>being paranoid, or is it a major security hold to have /dev/lan0 open
>for public reading (and *WRITING*)?

  [ First off, tell them to type
  % uname -a
  HP-UX roissy A.09.01 A 9000/710 2000058403 two-user license
                                  ^^^^^^^^^^
  and look at this number.  HP says it is unique per machine and will
  stay the same if HP replaces your board.  They don't make the same
  claim about your ethernet address.
  ]

HP doesn't support promiscuous mode through /dev/lan0, so you cannot
eavesdrop on the net as a whole.  You can't send ethernet frames that
look like they came from a different computer.  You can't send or receive
ethernet frames with a type field that is in use by some other thing
in your computer, so you can't spoof IP because the kernel has already
claimed that protocol-type for itself.  You can't reset the interface
unless you are root.  [This is all determined from a machine that
*doesn't* have the STREAMS add-on.]

Now for the security holes:

If there is *any* protocol in use on your network that your HP box is
*not* using, that protocol can be spoofed from your machine through the
/dev/lan0 interface.  This could mean Novell or DECNET or it could just
mean gobs of broadcast packets containing the string "YADDA YADDA YADDA".

Don't forget that routers often are set up to forward more than just
IP packets.  For example, the network here also forwards IPX packets,
so I could use my HP to attack a Novell machine on the other side of
the campus, if I was willing to implement Novell protocols as user
level code.

 
 
 

flexlm on HPs requires rw-rw-rw- on /dev/lan0

Post by James W. Barbo » Sun, 15 May 1994 04:57:15


Hi,

I have now evaluated two separate products for our HPs that require
flexlm.  The current version of flexlm for HPs uses the ethernet address
of the machine as its host id.  Further, because of a bug in the flexlm
software, flexlm opens /dev/lan0 read/write rather then readonly.

Thus, to run flexlm, you must chmod 666 /dev/lan0.

Both companies have told me, in essence, that this is a non-issue.  Am I
being paranoid, or is it a major security hold to have /dev/lan0 open
for public reading (and *WRITING*)?

Thanks,

--
Jim Barbour             National Oceanic and Atmospheric Administration (NOAA)

Voice:(303) 497-5262    325 Broadway R/E/FS4
FAX:  (303) 497-7256    Boulder, Co. 80303

 
 
 

1. I want FTP default to be -rwxrwxrwx files, NOT system default like -rw-rw-rw- files !

Hi,

I am a "rookie" HP-UNIX  Sys Adminstrator.

I want FTP to be default at -rwxrwxrwx for all files.  I don't want the
system default like -rw-rw-rw- or whatever.

I tried "umask" in the profile file (setting umask to 0) and I got the
system default mode like -rw-rw-rw-.  I tried the ftpd command in the
"inetd.conf" configuration file and I still got the system default.  How can
I "bypass" this system default ?  What does the system default come from ?
I really hope it's possible.

Let you know that I am not interested in "anonymous" FTP.

Any recommedation or suggestion ?

Thank you,
John

2. Apache .htaccess Netscape Problem

3. A SIMPLE SHELL PROGRAM CHANGE /etc/passwd mode to -rw-rw-rw-

4. bogus do_no_page messages

5. File permission set to -rw-rw-rw-?by Apache/CGI?

6. newbie networking question

7. Summary: ftpd from SunOS 4.1.3 creates files with rw-rw-rw

8. installation problem

9. I want FTP default to be -rwxrwxrwx files, NOT system default like -rw-rw-rw- files !

10. vi (Re: =-> Is /tmp: -rw-rw-rw- root system" a risc?)

11. ftpd from SunOS 4.1.3 creates files with rw-rw-rw

12. prw-rw-rw /dev/log

13. broken 2.2 IDE CD-RW (was Re: plain 2.2.X: no ide CD-RW?)