SCO copy protection daemon
Paul Ashton
paul at tetrauk.UUCP
Thu Oct 4 07:03:52 AEST 1990
After recalling some discussion on SCO's cpd some time back I thought I'd
investigate its behaviour.
For those who don't know, cpd is the first network program that is started
with SCO (Unix only?) TCP/IP that broadcasts at intervals of 1 minute some
or all of the OS serial numbers on UDP port 60000. It also listens to
this port for broadcasts from other machines and if it sees any it shuts
its networking down. slink, the next one, will not run without cpd existing
and will shut down if cpd exits.
I started two kernels up with the same serial no and waited to see what
happened, after a minute or so a console message appeared saying CPD:
duplicate serial no or some such and proceeded to shut down the network
interface. However due to the fact that it did this very abruptly, none of the
network daemons were shut down properly and the machine hung. No logins were
possible and ps and su didn't work. The other machine befell the same fate due
to the fact (I think) that cpd doesn't shut it self down, but keeps
broadcasting.
Conclusions:
The possibility of accidentally booting a kernel that has the same serial
number as another is very real on a large site, and damage could ensue due to an
uncontrolled shutdown.
A huge denial of service hole obviously exists. Anyone on a none SCO machine can
receive a broadcast on port 60000 and re-broadcast the data itself, this
requires no privileges.
If you wish to cut down your time installing on new machines it may be
desirable to copy existing working/configured/tuned operating systems whole on
to the new machines, this is possible with SCO's scheme but entails re-branding
things here there and everywhere (and before rc2 :-))
Please note: My main concerns are for safety, security and ease of use, I am in
no way advocating breaking any license agreements.
Any comments?
ps. it's trivial to frig :-)
--
Paul
More information about the Comp.unix.sysv386
mailing list