Re: Hamm Bug Stamp-Out List now on www

To: Branden Robinson <branden@purdue.edu>
Cc: debian-devel@lists.debian.org
Subject: Re: Hamm Bug Stamp-Out List now on www
From: Raul Miller <rdm@test.legislate.com>
Date: Wed, 8 Jul 1998 17:52:03 -0400
Message-id: <[🔎] 19980708175203.Q786@test.legislate.com>
Mail-followup-to: Branden Robinson <branden@purdue.edu>, debian-devel@lists.debian.org
In-reply-to: <[🔎] 19980708140838.A23459@purdue.edu>; from Branden Robinson on Wed, Jul 08, 1998 at 02:08:38PM -0500
References: <[🔎] 19980708184605.A22890@wiggy.ml.org> <[🔎] 19980708135740.H786@test.legislate.com> <[🔎] 19980708140838.A23459@purdue.edu>

Branden Robinson <branden@purdue.edu> wrote:
> On Wed, Jul 08, 1998 at 01:57:40PM -0400, Raul Miller wrote:
> > Hmm... I'm puzzling over bugs 22877 and 22878.
> > 
> > First, that xdm leaves the socket open is a bug, but it isn't a
> > release-critical bug. Applications that don't know about the socket
> > (that is, everthing but xbase) will, in general, ignore it entirely.
> > 
> > Second, that xbase has the socket open is a security bug, simply because
> > it's an undocumented service (XDMCP is documented as using UDP port 177,
> > so it can't be that).
> 
> Well, I'd say that "second" overrides "first".  Because it's a security
> bug, it's a bug in general.  And security bugs are always of severity
> important or greater.

I've looked at this a bit more.

xdm opens two sockets, a udp socket (port 177) for xdmcp, and a tcp
socket (random port) for the chooser. This happens in socket.c in
CreateWellKnownSockets().

I believe that the XDMCP protocol is used to advertise whatever port
got picked.

It looks like a call to DestroyWellKnownSockets() should be added
to CleanUpChild in xdm's util.c  -- that takes care of the initial
concern.

I chouldn't find much documentation on the chooser -- why it needed
xdm to listen to some random port.  The best documentation I could
find was the xdm man page, and it didn't say much on the topic of 
non-local choosers.  My guess is that this was written this way
because some operating systems don't have pipes, and this code
was written to be portable to very sludgy systems.

Looking at the source, in choose.c there's ProcessChooserSocket
which seems to be the only thing that deals with traffic on
this socket.  It pulls some address information out and calls
RegisterIndirectChoice...  I suppose I could delve further, but
since maybe my time would be better spent grepping through
the x books...

Does any of this ring a bell?  Am I completely wasting my time?

-- 
Raul

--  
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: Hamm Bug Stamp-Out List now on www
  - From: Steve Dunham <dunham@cse.msu.edu>

References:
- Hamm Bug Stamp-Out List now on www
  - From: Wichert Akkerman <wichert@wiggy.ml.org>
- Re: Hamm Bug Stamp-Out List now on www
  - From: Raul Miller <rdm@test.legislate.com>
- Re: Hamm Bug Stamp-Out List now on www
  - From: Branden Robinson <branden@purdue.edu>

Prev by Date: Access to m68k hamm machine ?
Next by Date: Re: why are packages stuck in Incoming
Previous by thread: Re: Hamm Bug Stamp-Out List now on www
Next by thread: Re: Hamm Bug Stamp-Out List now on www
Index(es):
- Date
- Thread