home *** CD-ROM | disk | FTP | other *** search
/ Source Code 1994 March / Source_Code_CD-ROM_Walnut_Creek_March_1994.iso / compsrcs / misc / volume36 / securlib / part01 < prev    next >
Encoding:
Text File  |  1993-03-11  |  60.0 KB  |  1,192 lines
  1. Newsgroups: comp.sources.misc
  2. From: phil@pex.eecs.nwu.edu (William LeFebvre)
  3. Subject: v36i015:  securelib - Shared library control for network daemon access, Part01/03
  4. Message-ID: <csm-v36i015=securelib.154226@sparky.IMD.Sterling.COM>
  5. X-Md4-Signature: af64ad1815d7c4a20ed5b0abaa69808e
  6. Date: Fri, 12 Mar 1993 21:44:33 GMT
  7. Approved: kent@sparky.imd.sterling.com
  8.  
  9. Submitted-by: phil@pex.eecs.nwu.edu (William LeFebvre)
  10. Posting-number: Volume 36, Issue 15
  11. Archive-name: securelib/part01
  12. Environment: SunOS 4.1.x
  13.  
  14. This package contains replacement routines for these three kernel
  15. calls: accept, recvfrom, recvmsg.  These replacements are compatible
  16. with the originals, with the additional functionality that they check
  17. the Internet address of the machine initiating the connection to make
  18. sure that it is "allowed" to connect.
  19.  
  20. Once compiled, these can be used when building a new shared libc.  The
  21. resulting libc.so can then be put in a special place.  Any program
  22. that should be protected can then be started with an alternate
  23. LD_LIBRARY_PATH.
  24.  
  25. Do you need to use this?  If you can answer all of these questions
  26. with "yes", then this package will benefit you:
  27.  
  28.     Are you connected to the Internet (even via a local or
  29.     regional network)?
  30.  
  31.     Do all of the routers/gateways between your machine and the
  32.     "rest of the world" route all packets regardless of protocol
  33.     or port number?
  34.  
  35.     Are you concerned about the fact that any user on any system
  36.     anywhere on the Internet can connect to any network daemon
  37.     that runs on your machine, including ypserv and pwdauthd?
  38.  
  39. What you need:
  40.     SunOS version 4.1, 4.1.1, or 4.1.2 or 4.1.3,
  41.     installation of the "shared library" option,
  42.     root access.
  43.  
  44. SunOS 5 (Solaris 2.0) users are on your own.  I have no idea if this
  45. will work with version 5 or its successors.
  46.  
  47. Written by William LeFebvre, EECS Department, Northwestern University.
  48. Internet address: phil@eecs.nwu.edu
  49.  
  50. Code for reading the configuration file, along with a few important
  51. patches, was provided by Sam Horrocks of UCI (sam@ics.uci.edu).
  52. -----------
  53. #! /bin/sh
  54. # This is a shell archive.  Remove anything before this line, then feed it
  55. # into a shell via "sh file" or similar.  To overwrite existing files,
  56. # type "sh file -c".
  57. # Contents:  README Makefile accept.c install_newlib recvfrom.c
  58. #   recvmsg.c securelib.conf.ex securelib.ps.C
  59. # Wrapped by kent@sparky on Fri Mar 12 09:49:52 1993
  60. PATH=/bin:/usr/bin:/usr/ucb:/usr/local/bin:/usr/lbin ; export PATH
  61. echo If this archive is complete, you will see the following message:
  62. echo '          "shar: End of archive 1 (of 3)."'
  63. if test -f 'README' -a "${1}" != "-c" ; then 
  64.   echo shar: Will not clobber existing file \"'README'\"
  65. else
  66.   echo shar: Extracting \"'README'\" \(11209 characters\)
  67.   sed "s/^X//" >'README' <<'END_OF_FILE'
  68. XSunOS 4.1 secure C library package
  69. X
  70. XWritten by William LeFebvre, EECS Department, Northwestern University.
  71. XInternet address: phil@eecs.nwu.edu
  72. X
  73. XCode for reading the configuration file, along with a few important
  74. Xpatches, was provided by Sam Horrocks of UCI (sam@ics.uci.edu).
  75. X
  76. XOVERVIEW:
  77. X
  78. XThis package contains replacement routines for these three kernel
  79. Xcalls: accept, recvfrom, recvmsg.  These replacements are compatible
  80. Xwith the originals, with the additional functionality that they check
  81. Xthe Internet address of the machine initiating the connection to make
  82. Xsure that it is "allowed" to connect.
  83. X
  84. XOnce compiled, these can be used when building a new shared libc.  The
  85. Xresulting libc.so can then be put in a special place.  Any program
  86. Xthat should be protected can then be started with an alternate
  87. XLD_LIBRARY_PATH.
  88. X
  89. XWhat you need:
  90. X    SunOS version 4.1, 4.1.1, or 4.1.2 (or 4.1.3 if there ever is one),
  91. X    installation of the "shared library" option,
  92. X    root access.
  93. X
  94. XSunOS 5 (Solaris 2.0) users are on your own.  I have no idea if this
  95. Xwill work with version 5 or its successors.
  96. X
  97. XYou can see if your machine has the shared library option installed by
  98. Xlooking for the directory "/usr/lib/shlib.etc".  If it is not
  99. Xinstalled, then you will need to extract it from the distribution
  100. Xtapes (Sun-factory installed machines will NOT have it installed).
  101. X
  102. XDo you need to use this?  If you can answer all of these questions
  103. Xwith "yes", then this package will benefit you:
  104. X
  105. X    Are you connected to the Internet (even via a local or
  106. X    regional network)?
  107. X
  108. X    Do all of the routers/gateways between your machine and the
  109. X    "rest of the world" route all packets regardless of protocol
  110. X    or port number?
  111. X
  112. X    Are you concerned about the fact that any user on any system
  113. X    anywhere on the Internet can connect to any network daemon
  114. X    that runs on your machine, including ypserv and pwdauthd?
  115. X
  116. XAVAILABILITY:
  117. X
  118. XThe latest version of securelib is available via anonymous FTP from
  119. Xthe host "eecs.nwu.edu".  It is stored in the file "pub/securelib.tar".
  120. XRemember to use the "binary" transfer mode!
  121. X
  122. XDETAILS:
  123. X
  124. XEach modified system call has the same basic algorithm:
  125. X
  126. X{
  127. X    int retval;
  128. X
  129. X    if ((retval = syscall(...)) >= 0)
  130. X    {
  131. X        if (_ok_address(socket, addr, *addrlen))
  132. X        {
  133. X            return (retval);
  134. X        }
  135. X        close(retval); /* this line: "accept" only */
  136. X        errno = ECONNREFUSED;
  137. X        return (-1);
  138. X    }
  139. X    return (retval);
  140. X}
  141. X
  142. XConnections that are established from a host that is not "okay" will
  143. Xbe closed (if established via "accept"), then errno will be set to
  144. XECONNREFUSED and the calling application will get an error indication
  145. Xback from its system call.  It is assumed that the application will
  146. Xdeal with such an error in an intelligent fashion.  All Sun daemons
  147. Xthat we have tried seem to handle this correctly: they merely do the
  148. Xsystem call again.
  149. X
  150. XThe application will only see success for machines that "_ok_address"
  151. Xsays are acceptable.  All other connections look like failures.
  152. X
  153. XThe function "_ok_address" reads a configuration file (normally
  154. X"/etc/securelib.conf" or "/etc/security/securelib.conf") which
  155. Xdescribes what Internet address are acceptable.
  156. X
  157. XCONFIGURATION FILE:
  158. X
  159. XThe configuration file (usually /etc/securelib.conf) is read by every
  160. Xprocess using securelib to find out which hosts are allowed to make
  161. Xconnections.  Every hour, the config file is stat'ed to see if it has
  162. Xchanged.  If it has, the file is re-read.
  163. X
  164. XThe first column in the file is the name of the process to which this
  165. Xline applies.  If this name is "all" then this line will apply to all
  166. Xprocesses using securlib on this host.  Otherwise, this name is
  167. Xchecked against the environment variable "SL_NAME" to see if that's a
  168. Xmatch.  If it does match, then the line is taken to apply to the
  169. Xcurrent process.
  170. X
  171. XThe mask field (the last field on each line) is a set of bits which
  172. Xare taken out of the source host's address before further comparison.
  173. XThese are bits in the address which can be ignored.
  174. X
  175. XThe address field (the second field on each line) is the address which
  176. Xthe source host's address must match in order for a connection to be
  177. Xsuccessful.  The source address is only compared to this address after
  178. Xthe bits specified by the mask field have been cancelled out.
  179. X
  180. XFor example, the line:
  181. X
  182. Xall    128.199.0.0    0.0.255.255
  183. X
  184. Xwould apply to all programs using securelib and would allow
  185. Xconnections from hosts whose address start with 128.199.
  186. X
  187. XA host is allowed to connect if *any* of the lines in the config file,
  188. Xwhich apply to that process, give it access.  There is no way to
  189. Xspecify a "deny" line which would cause unconditional rejection of
  190. Xcertain addresses.
  191. X
  192. XSTARTING A SECURELIB PROCESS:
  193. X
  194. X"make install" will install both the "start" script and the securelib
  195. Xshared library in the destination specified in Makefile (usually
  196. X"/usr/lib/secure").  To start a process using securelib, use the
  197. Xcommand:
  198. X
  199. X    /usr/lib/secure/start <program> <arguments>
  200. X
  201. XThis will pass the correct "SL_NAME" environment variable to the program and
  202. Xwill set the correct LD_LIBRARY_PATH so that the program uses securelib.
  203. X
  204. XSPECIAL NOTE TO SunOS 4.1.2 USERS:
  205. X
  206. XThere is essentially a bug in /usr/etc/shlib.etc/Makefile.  The line
  207. Ximmediately following "libc.so:" looks like this:
  208. X
  209. X        ld -assert pure-text `${OBJSORT} lorder-sparc tmp`
  210. X
  211. XIt should look like this:
  212. X
  213. X        ld -assert pure-text `${OBJSORT} lorder-sparc tmp` -ldl
  214. X
  215. XAlthough I have not actually tested securelib on a 4.1.2 system, I am
  216. Xfairly certain that you will need to make this change before securelib
  217. Xwill compile and link successfully under 4.1.2.
  218. X
  219. XINSTALLATION:
  220. X
  221. XCreate a file called "securelib.conf" in the source directory, using the
  222. Xfile "securelib.conf.ex" as an example.  Be sure to tailor this file
  223. Xto your site's needs.  You should also make sure that you include a
  224. Xrule for the loopback network:
  225. X
  226. Xall             127.0.0.0       0.255.255.255
  227. X
  228. XEdit the Makefile and make changes as appropriate to the definitions
  229. Xof SHLIB, DESTDIR, and CONFFILE.  SHLIB defines the location of Sun's
  230. Xshlib.etc directory as extracted from the installation tape.  This
  231. Xwill almost certainly be "/usr/lib/shlib.etc".  DESTDIR is the
  232. Xdirectory in which you want the secure library (libc.so.X.X.X) and the
  233. X"start" shell script installed.  CONFFILE is the full name of the
  234. Xinstalled configuration file.  The Makefile will set compile-time
  235. Xconstants indicating the location of the configuration file, and it
  236. Xwill also install "securelib.conf" from the current directory as the
  237. Xname specified by CONFFILE in the "make install" step.
  238. X
  239. XThe process of buliding the new shared library uses the Makefile in
  240. X/usr/lib/shlib.etc.  Unfortunately, this Makefile assumes that "."
  241. Xis on your path.  Make sure that this is the case or the make will
  242. Xfail with a message like "objsort: not found".
  243. X
  244. XOnce you have made these changes, type "make install" and everything
  245. Xshould go smoothly.  Typing just "make" will build the new library in
  246. Xthe SHLIB directory, but it will not install it.
  247. X
  248. XCHOOSING APPROPRIATE LOCATIONS:
  249. X
  250. XTwo good places for securelib.conf are "/etc" and "/etc/security".
  251. XThe advantage of placing it in "/etc/security" is that non-root users
  252. Xwill not be able to determine which Internet addresses are accepted by
  253. Xthe sensitive daemons.  This is an extra measure of security, similar
  254. Xto protecting /.rhosts.  However, the disadvantage is that use of the
  255. Xsecure shared library is then restricted to only root processes (since
  256. Xonly root can read the configuration file).  If you need non-root
  257. Xprocesses to use securelib, or if you do not feel a need to protect
  258. Xthe information in the configuration file, then place the file in "/etc".
  259. X
  260. XThe location of the library itself is typically "/usr/lib/secure".
  261. XThere is no reasonable place to put the library in the Sun file system
  262. Xheirarchy, so I just invented a new directory.  REPLACING OR
  263. XSUPERCEDING THE EXISTING libc LIBRARY IS NOT RECOMMENDED!!!  The
  264. Xintent of this package is to provide an alternate libc that can be
  265. Xused only on selected server processes (usually servers that are
  266. Xstarted at boot time).  The alternate library is selected by setting
  267. XLD_LIBRARY_PATH before starting the server.
  268. X
  269. XUSING THE ALTERNATE LIBRARY:
  270. X
  271. XNow decide which servers you want to protect.  I personally have
  272. Xchosen portmap, rpc.pwdauthd, ypserv, and rpc.yppasswdd.  Another
  273. Xpossibility is nfsd, but remember that each packet received by nfsd
  274. Xmust be verified by "_ok_address".  This may have a noticeable impact
  275. Xon nfs performance.
  276. X
  277. XModify /etc/rc.local so that it starts the daemon with the "start"
  278. Xscript.  What I have done locally is put some code at the very
  279. Xbeginning of rc.local to determine if the secure library is available
  280. Xon the system and set an environment variable accordingly:
  281. X
  282. X    SECURE=""
  283. X    if [ -x /usr/lib/secure/start ]; then
  284. X            SECURE="/usr/lib/secure/start"
  285. X    fi
  286. X
  287. XNow any daemon which I want to protect is started with a line like
  288. Xthis:
  289. X
  290. X        $SECURE portmap;                echo 'starting rpc port mapper.'
  291. X
  292. XIf the shell script does not exist on the machine being booted, then
  293. XSECURE will be null and "$SECURE portmap" will expand to merely "portmap".
  294. X
  295. XNOTE TO CUSTOM SHARED LIBRARY BUILDERS:
  296. X
  297. XIf you have already built a customized shared library, for example if
  298. Xyou have built a shared library with alternate gethost* routines for
  299. Xname resolution, you can still use this package.  Just make sure that
  300. Xbefore you type "make", the object files for your alternate library
  301. Xare already in place in SHLIB/tmp.  If the "tmp" subdirectory already
  302. Xexists, then this package will not recreate it or re-extract
  303. Xlibc_pic.a.  However, it WILL overwrite tmp/accept.o, tmp/recvfrom.o,
  304. Xand tmp/recvmsg.o.  And it will add a line to lorder-sparc (after
  305. Xsaving the original in lorder-sparc.orig).
  306. X
  307. X
  308. XDISCLAIMERS:
  309. X
  310. XIMPORTANT NOTE:  THIS LIBRARY DOES NOT GUARANTEE THAT YOUR MACHINE IS
  311. XSECURE!!!  This library enhances security---it does not guarantee it.
  312. XIt can be used to plug several known security holes on machines running
  313. XSunOS 4.1 and 4.1.x.
  314. X
  315. XNO WARRANTY:
  316. X
  317. XBECAUSE "securelib" IS DISTRIBUTED FREE OF CHARGE, THERE IS ABSOLUTELY
  318. XNO WARRANTY PROVIDED, TO THE EXTENT PERMITTED BY APPLICABLE STATE LAW.
  319. XEXCEPT WHEN OTHERWISE STATED IN WRITING, NORTHWESTERN UNIVERSITY,
  320. XWILLIAM N. LeFEBVRE AND/OR OTHER PARTIES PROVIDE "securelib" "AS IS"
  321. XWITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING,
  322. XBUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
  323. XFITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY
  324. XAND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE "securelib"
  325. XPROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY
  326. XSERVICING, REPAIR OR CORRECTION.
  327. X
  328. XIN NO EVENT WILL NORTHWESTERN UNIVERSITY, WILLIAM N. LeFEBVRE, AND/OR
  329. XANY OTHER PARTY WHO MAY MODIFY AND REDISTRIBUTE "securelib", BE LIABLE
  330. XTO YOU FOR DAMAGES, INCLUDING ANY LOST PROFITS, LOST MONIES, OR OTHER
  331. XSPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR
  332. XINABILITY TO USE (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA
  333. XBEING RENDERED INACCURATE OR LOSSES SUSTAINED BY THIRD PARTIES OR A
  334. XFAILURE OF THE PROGRAM TO OPERATE WITH OTHER PROGRAMS) THE PROGRAM,
  335. XEVEN IF YOU HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, OR
  336. XFOR ANY CLAIM BY ANY OTHER PARTY.
  337. END_OF_FILE
  338.   if test 11209 -ne `wc -c <'README'`; then
  339.     echo shar: \"'README'\" unpacked with wrong size!
  340.   fi
  341.   # end of 'README'
  342. fi
  343. if test -f 'Makefile' -a "${1}" != "-c" ; then 
  344.   echo shar: Will not clobber existing file \"'Makefile'\"
  345. else
  346.   echo shar: Extracting \"'Makefile'\" \(1486 characters\)
  347.   sed "s/^X//" >'Makefile' <<'END_OF_FILE'
  348. X#  securelib:  a package to enhance network security.
  349. X#
  350. X#  Written by William LeFebvre, EECS Department, Northwestern University
  351. X#  Internet address:  phil@eecs.nwu.edu
  352. X
  353. X#  SHLIB is the location of Sun's "shared library" option.
  354. X
  355. XSHLIB = /usr/lib/shlib.etc
  356. X
  357. X#  DESTDIR is the directory where you want the secure libc installed
  358. X#  NOTE:  it is NOT recommended that you install it in /usr/lib!
  359. X
  360. XDESTDIR = /usr/lib/secure
  361. X
  362. X# CONFFILE is the path name of the configuration file.  See the file
  363. X# securelib.conf.ex in this distribution for an example.  Then create
  364. X# your own securelib.conf.  The Makefile will copy it in to CONFFILE
  365. X# during the installation step.
  366. X
  367. XCONFFILE = /etc/securelib.conf
  368. X
  369. XOBJS = accept.o recvfrom.o recvmsg.o _okaddr.o
  370. X
  371. XFILES = README Makefile accept.c recvfrom.c recvmsg.c _okaddr.c \
  372. X    patchlevel.h extract_lib install_newlib start.X securelib.conf.ex
  373. X
  374. XCFLAGS=-pic -DCONF_FILE=\"$(CONFFILE)\"
  375. X
  376. Xall: shlib
  377. X
  378. Xshlib: objs
  379. X    ./extract_lib $(SHLIB)
  380. X    cp $(OBJS) $(SHLIB)/tmp
  381. X    (cd $(SHLIB); make)
  382. X    touch shlib
  383. X
  384. Xobjs: $(OBJS)
  385. X    touch objs
  386. X
  387. Xinstall: shlib securelib.conf
  388. X    ./install_newlib $(SHLIB) $(DESTDIR)
  389. X    sed -e "s|%DESTDIR%|$(DESTDIR)|" start.X >$(DESTDIR)/start
  390. X    chmod +x $(DESTDIR)/start
  391. X    cp securelib.conf $(CONFFILE)
  392. X
  393. Xsecurelib.conf:
  394. X    @echo "You need to create your own 'securelib.conf' file before"
  395. X    @echo "running 'make install'.  Please read the instructions!"
  396. X    @exit 1
  397. X
  398. Xclean:
  399. X    rm -f $(OBJS) shlib objs
  400. X
  401. Xtar:
  402. X    rm -f securelib.tar
  403. X    tar cvf securelib.tar $(FILES)
  404. END_OF_FILE
  405.   if test 1486 -ne `wc -c <'Makefile'`; then
  406.     echo shar: \"'Makefile'\" unpacked with wrong size!
  407.   fi
  408.   # end of 'Makefile'
  409. fi
  410. if test -f 'accept.c' -a "${1}" != "-c" ; then 
  411.   echo shar: Will not clobber existing file \"'accept.c'\"
  412. else
  413.   echo shar: Extracting \"'accept.c'\" \(693 characters\)
  414.   sed "s/^X//" >'accept.c' <<'END_OF_FILE'
  415. X/*
  416. X *  securelib:  a package to enhance network security.
  417. X *
  418. X *  Written by William LeFebvre, EECS Department, Northwestern University
  419. X *  Internet address:  phil@eecs.nwu.edu
  420. X */
  421. X
  422. X#include <sys/types.h>
  423. X#include <sys/socket.h>
  424. X#include <sys/syscall.h>
  425. X#include <errno.h>
  426. X
  427. Xaccept(s, addr, addrlen)
  428. X
  429. Xint s;
  430. Xstruct sockaddr *addr;
  431. Xint *addrlen;
  432. X
  433. X{
  434. X    register int retval;
  435. X    struct sockaddr sa;
  436. X    int salen;
  437. X
  438. X    salen = sizeof(sa);
  439. X    if ((retval = syscall(SYS_accept, s, &sa, &salen)) >= 0)
  440. X    {
  441. X    if (_ok_address(retval, &sa, salen))
  442. X    {
  443. X        _addrcpy(addr, addrlen, &sa, salen);
  444. X        return (retval);
  445. X    }
  446. X    close(retval);
  447. X    errno = ECONNREFUSED;
  448. X    return (-1);
  449. X    }
  450. X    return (retval);
  451. X}
  452. X
  453. END_OF_FILE
  454.   if test 693 -ne `wc -c <'accept.c'`; then
  455.     echo shar: \"'accept.c'\" unpacked with wrong size!
  456.   fi
  457.   # end of 'accept.c'
  458. fi
  459. if test -f 'install_newlib' -a "${1}" != "-c" ; then 
  460.   echo shar: Will not clobber existing file \"'install_newlib'\"
  461. else
  462.   echo shar: Extracting \"'install_newlib'\" \(181 characters\)
  463.   sed "s/^X//" >'install_newlib' <<'END_OF_FILE'
  464. X#!/bin/csh -f
  465. Xif (! -e $2) then
  466. X    echo mkdir $2
  467. X    mkdir $2
  468. Xendif
  469. Xecho cd $1
  470. Xcd $1
  471. Xset a = `cat TMP_FILE | awk -f awkfile`
  472. Xecho cp libc.so.$a $2/libc.so.$a
  473. Xcp libc.so.$a $2/libc.so.$a
  474. END_OF_FILE
  475.   if test 181 -ne `wc -c <'install_newlib'`; then
  476.     echo shar: \"'install_newlib'\" unpacked with wrong size!
  477.   fi
  478.   # end of 'install_newlib'
  479. fi
  480. if test -f 'recvfrom.c' -a "${1}" != "-c" ; then 
  481.   echo shar: Will not clobber existing file \"'recvfrom.c'\"
  482. else
  483.   echo shar: Extracting \"'recvfrom.c'\" \(637 characters\)
  484.   sed "s/^X//" >'recvfrom.c' <<'END_OF_FILE'
  485. X/*
  486. X *  securelib:  a package to enhance network security.
  487. X *
  488. X *  Written by William LeFebvre, EECS Department, Northwestern University
  489. X *  Internet address:  phil@eecs.nwu.edu
  490. X */
  491. X
  492. X#include <sys/types.h>
  493. X#include <sys/socket.h>
  494. X#include <sys/syscall.h>
  495. X#include <errno.h>
  496. X
  497. Xrecvfrom(s, buf, len, flags, from, fromlen)
  498. X
  499. Xint s;
  500. Xchar *buf;
  501. Xint len, flags;
  502. Xstruct sockaddr *from;
  503. Xint *fromlen;
  504. X
  505. X{
  506. X    register int retval;
  507. X
  508. X    if ((retval = syscall(SYS_recvfrom, s, buf, len, flags, from, fromlen)) >= 0)
  509. X    {
  510. X    if (_ok_address(s, from, *fromlen))
  511. X    {
  512. X        return (retval);
  513. X    }
  514. X    errno = ECONNREFUSED;
  515. X    return (-1);
  516. X    }
  517. X    return (retval);
  518. X}
  519. END_OF_FILE
  520.   if test 637 -ne `wc -c <'recvfrom.c'`; then
  521.     echo shar: \"'recvfrom.c'\" unpacked with wrong size!
  522.   fi
  523.   # end of 'recvfrom.c'
  524. fi
  525. if test -f 'recvmsg.c' -a "${1}" != "-c" ; then 
  526.   echo shar: Will not clobber existing file \"'recvmsg.c'\"
  527. else
  528.   echo shar: Extracting \"'recvmsg.c'\" \(603 characters\)
  529.   sed "s/^X//" >'recvmsg.c' <<'END_OF_FILE'
  530. X/*
  531. X *  securelib:  a package to enhance network security.
  532. X *
  533. X *  Written by William LeFebvre, EECS Department, Northwestern University
  534. X *  Internet address:  phil@eecs.nwu.edu
  535. X */
  536. X
  537. X#include <sys/types.h>
  538. X#include <sys/socket.h>
  539. X#include <sys/syscall.h>
  540. X#include <errno.h>
  541. X
  542. Xrecvmsg(s, msg, flags)
  543. X
  544. Xint s;
  545. Xstruct msghdr *msg;
  546. Xint flags;
  547. X
  548. X{
  549. X    register int retval;
  550. X
  551. X    if ((retval = syscall(SYS_recvmsg, s, msg, flags)) >= 0)
  552. X    {
  553. X    if (_ok_address(s, (struct sockaddr *)(msg->msg_name),
  554. X            msg->msg_namelen))
  555. X    {
  556. X        return (retval);
  557. X    }
  558. X    errno = ECONNREFUSED;
  559. X    return (-1);
  560. X    }
  561. X    return (retval);
  562. X}
  563. END_OF_FILE
  564.   if test 603 -ne `wc -c <'recvmsg.c'`; then
  565.     echo shar: \"'recvmsg.c'\" unpacked with wrong size!
  566.   fi
  567.   # end of 'recvmsg.c'
  568. fi
  569. if test -f 'securelib.conf.ex' -a "${1}" != "-c" ; then 
  570.   echo shar: Will not clobber existing file \"'securelib.conf.ex'\"
  571. else
  572.   echo shar: Extracting \"'securelib.conf.ex'\" \(675 characters\)
  573.   sed "s/^X//" >'securelib.conf.ex' <<'END_OF_FILE'
  574. X#
  575. X# Example config file for securelib.
  576. X#
  577. X# Lines starting with "all" apply to all processes.  Otherwise the first
  578. X# column has to match the environment variable "SL_NAME".  Up to eight config
  579. X# lines can apply to each process.  Mask specifies bits that aren't counted.
  580. X# After those bits are taken out, the connection address must match the
  581. X# address in the middle column.
  582. X#
  583. X# Since the buffer for reading this file is fairly small, it's probably a
  584. X# good idea to use a file with as few comments and spaces in it as possible.
  585. X#
  586. X# <name>    <address>    <mask>
  587. X#
  588. Xall        127.0.0.0    0.255.255.255
  589. Xall        128.197.0.0    0.0.255.255
  590. Xall        128.210.32.0    0.0.0.255
  591. Xportmap        128.210.0.0    0.0.255.255
  592. END_OF_FILE
  593.   if test 675 -ne `wc -c <'securelib.conf.ex'`; then
  594.     echo shar: \"'securelib.conf.ex'\" unpacked with wrong size!
  595.   fi
  596.   # end of 'securelib.conf.ex'
  597. fi
  598. if test -f 'securelib.ps.C' -a "${1}" != "-c" ; then 
  599.   echo shar: Will not clobber existing file \"'securelib.ps.C'\"
  600. else
  601.   echo shar: Extracting \"'securelib.ps.C'\" \(38580 characters\)
  602.   sed "s/^X//" >'securelib.ps.C' <<'END_OF_FILE'
  603. Xo(et's)g(p)q(eer)h(against)e(a)189 1259 y(con\014gurable)f(list)f(of)g(allo)o
  604. X(w)o(ed)f(hosts.)18 b(If)10 b(the)i(p)q(eer)g(is)e(not)h(found)f(in)h(the)g
  605. X(list,)f(then)i(the)f(augmen)o(ted)189 1309 y(call)i(returns)i(an)f
  606. X(indication)f(of)g(failure)g(to)h(the)g(caller.)75 1452 y Fl(1)69
  607. Xb(The)23 b(Problem)e(of)i(Net)n(w)n(ork)g(Services)75 1554
  608. Xy Fk(Lo)q(cal)c(net)o(w)o(orking)e(tec)o(hnology)h(has)g(pro)o(vided)h(a)f(v)
  609. Xo(ery)f(p)q(o)o(w)o(erful)h(mec)o(hanism)h(for)e(the)h(in)o(teraction)75
  610. X1610 y(of)f(m)o(ultiple)i(mac)o(hine.)28 b(Services)19 b(and)f(information)f
  611. X(can)h(b)q(e)g(pro)o(vided)h(for)d(mac)o(hines)j(on)e(the)h(lo)q(cal)75
  612. X1667 y(net)o(w)o(ork)e(via)h(serv)o(ers,)g(or)f(daemons,)i(running)g(on)f(a)f
  613. X(select)i(n)o(um)o(b)q(er)g(of)e(hosts.)25 b(These)17 b(services)h(are)75
  614. X1723 y(vital)h(to)f(the)g(op)q(eration)g(of)g(the)h(lo)q(cal)g(en)o(vironmen)
  615. Xo(t)g(and)f(their)h(presence)g(mak)o(es)f(managemen)o(t)f(of)75
  616. X1780 y(the)e(mac)o(hines)h(signi\014can)o(tly)h(easier.)146
  617. X1836 y(A)o(t)k(the)h(same)g(time)g(that)f(lo)q(cal)i(net)o(w)o(orking)f(tec)o
  618. X(hnology)g(has)f(explo)q(ded,)k(so)d(has)g(wide)h(area)75 1893
  619. Xy(net)o(w)o(orking.)f(As)16 b(a)g(result,)h(most)e(\(if)h(not)g(all\))h(of)f
  620. X(the)g(daemons)g(whic)o(h)h(in)o(tend)g(to)e(pro)o(vide)i(services)75
  621. X1949 y(for)d(the)g(lo)q(cal)i(net)o(w)o(ork)d(inadv)o(erten)o(tly)j(pro)o
  622. X(vide)f(access)f(to)g(mac)o(hines)i(all)f(around)f(the)h(w)o(orld.)20
  623. Xb(These)75 2006 y(lo)q(opholes)e(can)g(b)q(e)f(and)g(ha)o(v)o(e)g(b)q(een)h
  624. X(exploited)h(b)o(y)e(unscrupulous)h(individual)q(s)i(of)c(malicious)j(in)o
  625. X(ten)o(t)75 2062 y([5)o(].)146 2118 y(The)12 b(most)g(striking)g(example)i
  626. X(of)e(this)g(problem)h(is)g(Sun's)g(Net)o(w)o(ork)e(Information)h(Service)i
  627. X(\(NIS\))1843 2102 y Fj(1)1862 2118 y Fk(.)75 2175 y(This)k(service)f(pro)o
  628. X(vides)h(a)e(great)h(deal)g(of)g(critical)h(information)f(for)g(a)f
  629. XFi(unix)h Fk(system,)f(including)k(the)75 2231 y(data)14 b(normally)h(found)f
  630. X(in)i Fh(/etc/passwd)p Fk(,)c(and)j(esp)q(ecially)i(including)g(encrypted)e
  631. X(passw)o(ords.)k(A)14 b(list)75 2288 y(of)h(kno)o(wn)g(accoun)o(t)g(names)h
  632. X(is)f(an)h(incredible)i(b)q(ene\014t)f(to)d(an)i(abuser,)f(and)g(common)g
  633. X(passw)o(ords)g(can)75 2344 y(b)q(e)i(easily)g(disco)o(v)o(ered)f(from)g
  634. X(their)g(encrypted)h(forms)e([4)o(].)22 b(In)17 b(all)g(curren)o(tly)f
  635. X(distributed)i(forms,)d(the)75 2401 y(program)h(whic)o(h)h(pro)o(vides)g
  636. X(this)h(information,)e Fh(ypserv)p Fk(,)g(will)j(gladly)e(giv)o(e)g(this)g
  637. X(information)g(out)g(to)75 2457 y(an)o(y)e(mac)o(hine)h(that)e(asks)h(for)g
  638. X(it.)20 b(Only)c(the)f(name)h(of)e(the)i(NIS)g(domain)f(is)h(needed.)146
  639. X2514 y(Sites)c(whic)o(h)g(no)o(w)f(use)h(Sun's)g(\\adjunct)f(\014les")h(to)f
  640. X(protect)g(encrypted)h(passw)o(ords)f(ma)o(y)g(ha)o(v)o(e)g(lured)75
  641. X2570 y(themselv)o(es)h(in)o(to)f(a)g(false)g(sense)h(of)f(securit)o(y)l(.)19
  642. Xb(All)12 b(the)g(data)e(in)i(the)g Fh(passwd)e Fk(map)h(except)h(the)f(passw)
  643. Xo(ord)p 75 2611 720 2 v 127 2638 a Fg(1)144 2654 y Ff(In)i(a)g(previous)i
  644. X(life,)f(NIS)e(w)o(as)h(kno)o(wn)h(as)f(Y)m(ello)o(w)h(P)o(ages)f(\(YP\).)p
  645. Xeop
  646. X%%Page: 2 2
  647. Xbop 75 8 a Fk(is)18 b(still)g(a)o(v)m(ailable)h(to)e(an)o(y)o(one)f(who)h
  648. X(can)h(guess)f(the)g(domain)h(name,)f(including)j(usernames)d(and)h(full)75
  649. X64 y(names.)i(Sites)15 b(whic)o(h,)h(for)e(the)h(sak)o(e)g(of)f(con)o(v)o
  650. X(enience,)i(pro)o(vide)g(NIS)g(maps)e(for)h(the)g(adjunct)g(\014les)h(via)75
  651. X121 y(the)i(map)g Fh(passwd.adjunct)e Fk(are)i(putting)g(themselv)o(es)h(bac)
  652. Xo(k)f(in)g(the)h(same)e(p)q(osition)i(they)f(w)o(ere)g(in)75
  653. X177 y(b)q(efore)e(using)g(the)f(adjunct)h(\014les.)21 b(Although)16
  654. Xb(it)g(is)g(true)f(that)g Fh(ypserv)f Fk(will)j(only)f(answ)o(er)f(queries)i
  655. X(for)75 233 y(\\protected")e(maps)g(if)g(the)h(originator)f(of)g(the)g(query)
  656. Xg(is)h(uid)h(0,)d(no)h(c)o(hec)o(k)h(is)g(made)f(against)g(the)g(host)75
  657. X290 y(whic)o(h)i(originated)f(the)g(request.)22 b(So)16 b(uid)h(0)f(on)g(an)o
  658. X(y)f(In)o(ternet)h(host)g(can)g(still)h(obtain)f(the)g(encrypted)75
  659. X346 y(passw)o(ords.)146 403 y(Other)c(examples)h(exist)f(as)g(w)o(ell.)20
  660. Xb(Ev)o(en)12 b(for)f(a)h(minimal)h(lev)o(el)h(of)e(securit)o(y)l(,)g(some)g
  661. X(net)o(w)o(ork)f(services)75 459 y(m)o(ust)k(b)q(e)g(activ)o(ely)h(protected)
  662. Xg(from)e(access)h(b)o(y)g(non-lo)q(cal)i(mac)o(hines.)75 600
  663. Xy Fl(2)69 b(P)n(ossible)22 b(Solutions)75 703 y Fe(2.1)56 b(The)18
  664. Xb(Firew)n(all)75 789 y Fk(The)j(most)f(sev)o(ere)h(form)f(of)g(protection)h
  665. X(is)g(a)g(net)o(w)o(ork)e(barrier)i(b)q(et)o(w)o(een)g(the)g(lo)q(cal)h
  666. X(organization)75 845 y(and)c(the)g(rest)f(of)g(the)h(w)o(orld)f([1].)27
  667. Xb(This)18 b(barrier,)g(usually)h(called)g(a)f Fd(\014r)n(ewal)r(l)p
  668. XFk(,)f(is)h(con\014gured)g(so)g(that)75 902 y(only)d(pac)o(k)o(ets)f(for)g
  669. X(sp)q(eci\014c)i(services)f(are)g(forw)o(arded)e(b)q(et)o(w)o(een)i(lo)q(cal)
  670. Xh(and)e(global)h(net)o(w)o(orks.)k(Exactly)75 958 y(whic)o(h)f(pac)o(k)o(ets)
  671. Xe(are)g(forw)o(arded)g(is)i(determined)g(b)o(y)f(the)f(net)o(w)o(ork)g
  672. X(administrator)h(or)f(his)i(sup)q(eriors.)75 1014 y(T)o(ypically)k(it)f(is)g
  673. X(limited)i(to)c(a)i(v)o(ery)f(few)g(proto)q(cols,)i(including)h(SMTP)d(and)h
  674. X(NNTP)g(but)f(almost)75 1071 y(alw)o(a)o(ys)14 b(excluding)j(remote)d(login)i
  675. X(and)f(\014le)h(transfer)e(proto)q(cols)h(\(suc)o(h)f(as)h(T)l(elnet,)g(FTP)l
  676. X(,)f(and)h(rexec\).)146 1127 y(A)g(\014rew)o(all)g(insures)h(the)f(highest)h
  677. X(lev)o(el)g(of)f(securit)o(y)g(short)g(of)f(remo)o(ving)h(the)g(outside)h
  678. X(connection)75 1184 y(altogether)i([2)o(].)29 b(But)18 b(this)h(securit)o(y)f
  679. X(tak)o(es)g(its)g(toll)h(in)g(the)f(form)g(of)g(added)h(incon)o(v)o(enience)h
  680. X(for)e(the)75 1240 y(legitimate)12 b(users.)18 b(An)o(y)11
  681. Xb(remote)f(logins)h(whic)o(h)h(lo)q(cal)g(users)e(wish)h(to)f(mak)o(e)h(m)o
  682. X(ust)f(b)q(e)h(done)g(it)g(t)o(w)o(o)e(hops:)75 1297 y(a)18
  683. Xb(login)h(in)o(to)f(the)h(\014rew)o(all,)g(then)g(a)f(login)h(from)f(there)g
  684. X(to)g(the)g(remote)g(host.)29 b(Most)17 b(organizations)75
  685. X1353 y(pro)o(vide)g(a)g(mec)o(hanism)h(to)e(mak)o(e)g(this)i(nearly)f
  686. X(transparen)o(t)f(to)h(the)g(lo)q(cal)h(users.)25 b(Other)17
  687. Xb(activities,)75 1410 y(suc)o(h)f(as)e(FTP)l(,)h(remain)g(problematical.)146
  688. X1466 y(Un)o(til)c(global)h(net)o(w)o(orks)d(and)i(net)o(w)o(ork)e(proto)q
  689. X(cols)i(reac)o(h)g(a)f(sup)q(erior)h(lev)o(el)h(of)f(securit)o(y)l(,)g(the)g
  690. X(\014rew)o(all)75 1523 y(will)20 b(remain)e(the)g(only)g(c)o(hoice)h(for)e
  691. X(man)o(y)h(organizations.)28 b(Still,)19 b(there)f(are)g(alternativ)o(es)g
  692. X(for)f(those)75 1579 y(who)e(are)g(willing)i(to)e(sacri\014ce)h(a)f(small)h
  693. X(amoun)o(t)e(of)h(securit)o(y)l(.)75 1698 y Fe(2.2)56 b(Secure)18
  694. Xb(RPC)75 1784 y Fi(Rpc)h Fk(do)q(es)f(not)g(enforce)g(an)o(y)g(sp)q(eci\014c)
  695. Xi(authen)o(tication)e(sc)o(heme.)29 b(Rather)18 b(it)h(uses)f(op)q(en-ended)i
  696. X(au-)75 1840 y(then)o(tication,)e(allo)o(wing)g(the)f(applications)i(to)d(sp)
  697. Xq(ecify)j(what)d(t)o(yp)q(e)i(they)f(require.)27 b(Curren)o(tly)17
  698. Xb(most)75 1897 y Fi(rpc)e Fk(implemen)o(tations)h(pro)o(vide)g(only)f(t)o(w)o
  699. X(o)f(forms)g(of)g(authen)o(tication:)20 b Fi(unix)14 b Fk(and)h
  700. XFi(des)p Fk(.)20 b(Those)15 b(who)75 1953 y(are)h(seriously)h(concerned)h(ab)
  701. Xq(out)e(the)g(securit)o(y)h(of)f Fi(rpc)h Fk(comm)o(unications)g(ma)o(y)f(c)o
  702. X(ho)q(ose)g(to)g(use)g Fi(des)75 2010 y Fk(authen)o(tication,)e(whic)o(h)g
  703. X(actually)g(encrypts)g(the)f(information)h(in)g(the)f Fi(rpc)h
  704. XFk(transaction)f([6)o(,)h(pp.)f(429{)75 2066 y(437].)75 2185
  705. Xy Fe(2.3)56 b(Explicit)16 b(Serv)n(er)i(Chec)n(king)75 2271
  706. Xy Fk(The)g(most)f(ob)o(vious)g(form)g(of)h(protection)f(tak)o(es)g(place)i
  707. X(in)f(the)g(serv)o(er)f(itself.)28 b(When)18 b(a)f(serv)o(er)h(suc)o(h)75
  708. X2327 y(as)d Fh(ypserv)g Fk(receiv)o(es)i(a)f(request,)f(it)h(\014rst)g(c)o
  709. X(hec)o(ks)g(the)g(address)g(of)f(the)h(originator)f(to)h(determine)g(if)h(it)
  710. X75 2384 y(is)h(a)f(\\trusted")g(host.)26 b(It)18 b(is)g(the)g(opinion)h(of)e
  711. X(this)h(author)f(that)g(all)h Fi(unix)f Fk(systems)g(should)h(pro)o(vide)75
  712. X2440 y(this)f(functionalit)o(y)g(in)h(the)e(form)g(of)f(library)j(functions)f
  713. X(and)f(that)g(serv)o(ers)g(whic)o(h)h(pro)o(vide)g(sensitiv)o(e)75
  714. X2497 y(information)f(use)h(suc)o(h)g(functions)g(to)f(protect)f(themselv)o
  715. X(es.)24 b(Unfortunately)l(,)17 b(few)f(v)o(endors)g(had)h(the)75
  716. X2553 y(foresigh)o(t)e(to)f(pro)o(vide)i(suc)o(h)g(functionalit)o(y)l(.)146
  717. X2610 y(V)l(ery)11 b(recen)o(tly)i(Sun)f(b)q(egan)g(pro)o(viding)g(binaries)h
  718. X(whic)o(h)f(do)g(this)g(sort)e(of)i(c)o(hec)o(king)g([3)o(])f(b)o(y)h
  719. X(releasing)75 2666 y(patc)o(h)j(100482{2.)j(But)d(this)h(patc)o(h)f(falls)h
  720. X(short)e(in)i(sev)o(eral)f(w)o(a)o(ys:)p eop
  721. X%%Page: 3 3
  722. Xbop 143 8 a Fc(\017)23 b Fk(it)15 b(is)h(not)f(y)o(et)f(part)h(of)g(an)o(y)g
  723. X(standard)f(op)q(erating)i(system)f(distribution)143 101 y
  724. XFc(\017)23 b Fk(it)15 b(only)h(protects)e(three)i(binaries:)21
  725. Xb Fh(ypserv)p Fk(,)14 b Fh(ypxfrd)p Fk(,)g Fh(portmap)143 195
  726. Xy Fc(\017)23 b Fk(the)10 b(con\014guration)h(mec)o(hanism)h(do)q(es)f(not)f
  727. X(generalize)j(w)o(ell:)18 b(it)11 b(do)q(es)g(not)g(pro)o(vide)g(a)f(mec)o
  728. X(hanism)189 252 y(to)k(selectiv)o(ely)j(protect)e(services)75
  729. X346 y(A)e(more)g(generalized)j(approac)o(h)d(is)g(needed,)i(and)f(it)f(needs)
  730. Xh(to)f(b)q(e)h(adopted,)g(implemen)o(ted,)h(and)e(used)75 402
  731. Xy(b)o(y)i Fd(al)r(l)20 b Fi(unix)14 b Fk(v)o(endors.)75 524
  732. Xy Fe(2.4)56 b(The)18 b(W)-5 b(rapp)r(er)75 609 y Fk(Since)18
  733. Xb Fi(unix)f Fk(v)o(endors)f(didn't)i(compile)g(the)f(protection)g(in)h(to)e
  734. X(their)h(daemons)g(and)g(since)h(they)f(also)75 666 y(usually)g(don't)e(giv)o
  735. X(e)h(out)g(source,)f(t)o(w)o(o)g(options)h(remain.)22 b(One)16
  736. Xb(is)g(to)g(\014nd)g(the)g(source)g(for)f(a)g(reimple-)75 722
  737. Xy(men)o(tation)f(of)f(the)h(net)o(w)o(ork)f(daemon)h(and)h(alter)f(it.)19
  738. Xb(Another)14 b(is)h(to)e(\014nd)i(a)f(w)o(a)o(y)f(to)g(wrap)h(protection)75
  739. X779 y(around)h(the)g(serv)o(er.)146 835 y(If)g(a)h(service's)g(executable)h
  740. X(is)f(in)o(v)o(ok)o(ed)g(once)g(p)q(er)g(connection)h(\(for)d(example,)i
  741. X(those)g(handled)h(b)o(y)75 892 y Fh(inet)p Fk(\),)12 b(it)h(is)g(p)q
  742. X(ossible)i(to)d(start)g(a)g(generalized)j(\\wrapp)q(er")d(program)g(whic)o(h)
  743. Xi(will)g(c)o(hec)o(k)f(and)g(p)q(ossibly)75 948 y(log)18 b(the)g(connection)h
  744. X(b)q(efore)f(in)o(v)o(oking)h(the)f(real)g(executable.)30 b(The)18
  745. Xb(pac)o(k)m(age)g(\\TCP)f(W)l(rapp)q(er")h(b)o(y)75 1005 y(Wietse)e(V)l
  746. X(enema)g(do)q(es)f(this)h([8)o(].)k(Unfortunately)l(,)c(this)g(approac)o(h)f
  747. X(will)i(not)e(w)o(ork)f(for)h(true)g(daemons)75 1061 y(suc)o(h)i(as)g
  748. XFh(ypserv)f Fk(and)i Fh(portmap)p Fk(.)24 b(A)17 b(true)g(daemon)g(is)h
  749. X(started)e(once)h(and)h(con)o(tin)o(ues)f(to)g(run)g(in)h(the)75
  750. X1118 y(bac)o(kground)d(forking)g(o\013)g(c)o(hildren)i(to)d(handle)j
  751. X(requests.)75 1261 y Fl(3)69 b(Kernel)22 b(W)-6 b(rapp)r(er)24
  752. Xb(via)e(Shared)i(Libraries)75 1362 y Fk(Starting)c(with)g(v)o(ersion)h(4.0,)e
  753. X(SunOS)j(b)q(egan)e(pro)o(viding)h(a)f(library)h(sharing)f(mec)o(hanism.)36
  754. Xb(Nearly)75 1419 y(all)18 b(executables)h(distributed)g(with)f(the)g(system)f
  755. X(are)g(link)o(ed)i(against)f(a)f(shared)g(C)h(library)l(.)28
  756. Xb(SunOS)75 1475 y(v)o(ersions)20 b(4.1)f(and)h(higher)g(also)g(pro)o(vides)g
  757. X(the)g(\014les)g(necessary)g(to)f(rebuild)j(the)e(shared)g(C)f(library)l(.)75
  758. X1532 y(With)14 b(this)g(functionalit)o(y)l(,)h(it)e(is)h(p)q(ossible)i(to)d
  759. X(build)i(sp)q(ecial-purp)q(ose)h(copies)f(of)e(the)g(shared)h(C)f(library)75
  760. X1588 y(and)i(to)f(in)o(v)o(ok)o(e)h(standard)g(executables)h(with)f
  761. X(alternate)g(libraries.)21 b(This)16 b(is)f(su\016cien)o(t)h(to)e(ho)q(ok)h
  762. X(in)h(to)75 1645 y(the)f(serv)o(ers)g(and)g(force)g(them)h(to)e(do)h
  763. X(appropriate)g(source)h(v)o(eri\014cation.)75 1766 y Fe(3.1)56
  764. Xb(Implem)o(en)n(tation)75 1852 y Fk(T)l(o)22 b(understand)g(the)h(implemen)o
  765. X(tation,)h(one)f(m)o(ust)e(\014rst)h(understand)g(a)g(v)o(ery)g(fundamen)o
  766. X(tal)h(fact)75 1909 y(ab)q(out)17 b(the)g Fi(unix)f Fk(C)g(run-time)i
  767. X(library)l(.)25 b(All)19 b(k)o(ernel)e(calls)h([7)o(])f(are)f(implemen)o(ted)
  768. Xj(b)o(y)d(a)h(fron)o(t)f(end)h(in)75 1965 y(the)h(C)f(library)l(.)28
  769. Xb(Di\013eren)o(t)17 b(computers)g(will)i(ha)o(v)o(e)e(di\013eren)o(t)h(mac)o
  770. X(hine)h(instructions)f(for)f(generating)75 2021 y(the)e(protected)g(trap)g
  771. X(required)h(of)f(k)o(ernel)h(calls,)f(and)h(the)f(fron)o(t-end)g(routines)h
  772. X(hide)g(this)g(detail)g(from)75 2078 y(C)k(programmers.)36
  773. Xb(The)21 b(C)f(run-time)i(library|the)g(same)e(library)i(whic)o(h)f(con)o
  774. X(tains)g Fh(printf)f Fk(and)75 2134 y Fh(malloc)p Fk(|also)d(con)o(tains)h(a)
  775. Xf(fron)o(t-end)h(function)g(for)f(ev)o(ery)h(k)o(ernel)g(call.)29
  776. Xb(F)l(or)17 b(example,)h(the)g(k)o(ernel)75 2191 y(call)k Fh(write)e
  777. XFk(actually)h(exists)g(as)f(a)h(function)g(in)h(the)e(C)h(library)l(.)37
  778. Xb(This)21 b(function)h(is)f(trivial:)32 b(after)75 2247 y(p)q(ossibly)16
  779. Xb(mo)o(ving)f(or)f(rearranging)g(the)h(argumen)o(ts,)f(it)h(merely)g
  780. X(executes)h(the)e(appropriate)h(mac)o(hine)75 2304 y(language)g(\\trap")f
  781. X(instruction.)146 2360 y(Since)20 b(the)g(fron)o(t-end)f(functions)i(exist)e
  782. X(in)i(the)e(C)g(library)l(,)j(the)d(SunOS)i(shared)e(library)i(mec)o(h-)75
  783. X2417 y(anism)e(allo)o(ws)f(a)g(su\016cien)o(tly)i(clev)o(er)f(individual)j
  784. X(to)17 b(replace)j(suc)o(h)e(a)g(function,)i(e\013ectiv)o(ely)f(adding)75
  785. X2473 y(functionalit)o(y)e(to)d(an)o(y)h(k)o(ernel)h(call.)21
  786. Xb(This)16 b(is)g(what)f(the)g(secure)h(library)g(pac)o(k)m(age)f(uses)h(to)f
  787. X(implemen)o(t)75 2530 y(its)f(securit)o(y)h(c)o(hec)o(ks:)k(ev)o(ery)14
  788. Xb(k)o(ernel)h(call)g(p)q(ertaining)g(to)f(net)o(w)o(ork)f(access)h(has)g(its)
  789. Xg(fron)o(t-end)g(function)75 2586 y(replaced)i(with)g(one)f(that)g(v)o
  790. X(eri\014es)h(the)f(address)g(of)g(the)g(connecting)i(host.)p
  791. Xeop
  792. X%%Page: 4 4
  793. Xbop 575 112 a Fb(in)o(t)16 b Fd(r)n(etval)p Fk(;)575 225 y
  794. XFd(r)n(etval)h Fk(=)c Fd(sysc)n(al)r(l)s Fk(\()p Fa(:)8 b(:)g(:)n
  795. XFk(\);)575 281 y Fb(if)p Fk(\()p Fd(r)n(etval)17 b Fc(\025)c
  796. XFk(0\))575 338 y Fc(f)666 394 y Fb(if)p Fk(\()p 717 394 14
  797. X2 v 17 w Fd(ok)p 778 394 V 17 w(addr)n(ess)s Fk(\()p Fd(so)n(cket)s
  798. XFa(;)8 b Fd(addr)d Fa(;)j Fd(*addrlen)s Fk(\)\))666 451 y Fc(f)757
  799. X507 y Fb(return)o Fk(\()p Fd(r)n(etval)t Fk(\);)666 564 y Fc(g)666
  800. X620 y Fd(errno)15 b Fk(=)e Fh(ECONNREFUSED)o Fk(;)666 676 y
  801. XFb(return)o Fk(\()p Fc(\000)p Fk(1\);)575 733 y Fc(g)575 789
  802. Xy Fb(return)o Fk(\()p Fd(r)n(etval)t Fk(\);)528 944 y(Figure)j(1:)j(Basic)d
  803. X(Net)o(w)o(ork)e(W)l(rapp)q(er)h(Algorithm)146 1122 y(It)g(turns)g(out)g
  804. X(that)f(only)i(three)f(k)o(ernel)h(calls)g(need)g(suc)o(h)g(protection:)392
  805. X1206 y Fh(accept)97 b Fk(accept)16 b(a)e(connection)j(on)e(a)g(so)q(c)o(k)o
  806. X(et)392 1263 y Fh(recvfrom)49 b Fk(receiv)o(e)16 b(a)f(message)g(from)f(a)h
  807. X(connectionless)i(so)q(c)o(k)o(et)392 1319 y Fh(recvmsg)73
  808. Xb Fk(receiv)o(e)16 b(a)f(message)g(using)h(a)f Fh(struct)23
  809. Xb(msghdr)75 1404 y Fk(Other)13 b(k)o(ernel)h(calls)g(read)f(data)f(from)g
  810. X(the)h(net)o(w)o(ork,)f(but)h(only)g(if)h(the)f(data)f(is)h(read)g(from)f(a)h
  811. X(connected)75 1460 y(so)q(c)o(k)o(et.)20 b(Only)c Fh(accept)f
  812. XFk(can)g(generate)g(\014le)i(descriptors)e(for)g(connected)h(so)q(c)o(k)o
  813. X(ets.)k(Therefore,)15 b(ha)o(ving)75 1517 y Fh(accept)f Fk(v)o(erify)i(the)f
  814. X(remote)g(host)f(is)i(su\016cien)o(t.)146 1573 y(Figure)j(1)g(giv)o(es)h(the)
  815. Xf(basic)h(algorithm)g(for)e(the)i(secured)g(\\wrapp)q(er")f(functions.)33
  816. Xb(Eac)o(h)19 b(of)g(the)75 1629 y(fron)o(t-end)i(functions)g(listed)h(ab)q(o)
  817. Xo(v)o(e)e(is)i(replaced)f(with)g(a)g(wrapp)q(er)g(function)g(whic)o(h)h(is)f
  818. X(patterned)75 1686 y(after)14 b(this)i(algorithm.)k(The)15
  819. Xb(actual)h(C)f(co)q(de)h(is)f(listed)i(in)f(app)q(endix)h(A.)146
  820. X1742 y(Eac)o(h)d(replaced)j(function)e(calls)p 719 1742 V 33
  821. Xw Fd(ok)p 780 1742 V 17 w(addr)n(ess)j Fk(for)d(v)o(eri\014cation.)20
  822. Xb(It)15 b(is)h(this)f(function)h(that)e(v)o(eri\014es)75 1799
  823. Xy(the)h(remote)g(host)f(address,)h(returning)h Fd(true)g Fk(\(1\))e(if)h(the)
  824. Xh(remote)e(host)h(is)g(acceptable)i(and)e Fd(false)f Fk(\(0\))g(if)75
  825. X1855 y(it)h(is)h(not.)k(It)15 b(tak)o(es)f(three)i(argumen)o(ts:)131
  826. X1943 y(1.)22 b(a)15 b(\014le)h(descriptor)f(for)g(the)g(so)q(c)o(k)o(et)131
  827. X2035 y(2.)22 b(a)15 b(p)q(oin)o(ter)g(to)g(the)g(so)q(c)o(k)o(et)g(address)g
  828. X(\(a)f Fh(struct)24 b(sockaddr)e(*)p Fk(\))131 2126 y(3.)g(the)15
  829. Xb(length)h(of)f(the)g(so)q(c)o(k)o(et)f(address)75 2214 y(Eac)o(h)e(of)g
  830. X(these)g(v)m(alues)i(is)e(readily)i(a)o(v)m(ailable)g(to)d(eac)o(h)h(wrapp)q
  831. X(er,)h(since)g(they)g(are)f(passed)g(as)g(argumen)o(ts)75 2271
  832. Xy(\(either)k(directly)g(or)f(indirectly\))i(to)d(the)i(corresp)q(onding)g(k)o
  833. X(ernel)g(call.)146 2327 y(The)j(function)p 428 2327 V 37 w
  834. XFd(ok)p 489 2327 V 16 w(addr)n(ess)k Fk(uses)c(the)h(so)q(c)o(k)o(et)e
  835. X(address)h(and)h(length)f(argumen)o(ts)g(if)g(they)g(mak)o(e)75
  836. X2384 y(sense.)28 b(Ho)o(w)o(ev)o(er,)18 b(if)g(the)g(so)q(c)o(k)o(et)f
  837. X(address)h(p)q(oin)o(ter)g(is)h Fh(NULL)e Fk(or)g(the)h(length)h(is)f(not)g
  838. X(su\016cien)o(t,)h(then)p 75 2440 V 89 2440 a Fd(ok)p 136 2440
  839. XV 17 w(addr)n(ess)14 b Fk(will)f(attempt)d(to)h(get)f(the)i(remote)e(host's)h
  840. X(address)g(b)o(y)g(calling)i Fd(getp)n(e)n(ername)d Fk(with)i(the)f(\014le)75
  841. X2497 y(descriptor)j(\(the)f(\014rst)g(argumen)o(t\).)19 b(If)14
  842. Xb(the)f(so)q(c)o(k)o(et)g(is)h(connectionless,)h(then)f(the)g(call)h(to)e
  843. XFd(getp)n(e)n(ername)75 2553 y Fk(will)k(fail)f(and)p 329 2553
  844. XV 32 w Fd(ok)p 390 2553 V 17 w(addr)n(ess)i Fk(tak)o(es)d(the)g(attitude)g
  845. X(\\b)q(etter)g(safe)g(than)g(sorry")f(b)o(y)h(returning)h(failure.)146
  846. X2610 y(It)c(is)g(imp)q(ortan)o(t)g(to)f(realize)j(that)d(the)h(\014le)i
  847. X(descriptor)e(is)h(only)f(used)h(if)g(the)f(so)q(c)o(k)o(et)f(address)h(p)q
  848. X(oin)o(ter)75 2666 y(and)20 b(length)h(do)f(not)g(pro)o(vide)g(su\016cien)o
  849. X(t)h(information.)35 b(In)21 b(all)g(three)f(cases)g(\()p Fh(accept)p
  850. XFk(,)f Fh(recvfrom)p Fk(,)p eop
  851. X%%Page: 5 5
  852. Xbop 314 44 a Fh(#)23 b(Configuration)f(file)i(for)f(securelib.)314
  853. X100 y(#)g(<name>)190 b(<address>)166 b(<mask>)314 157 y(all)309
  854. Xb(127.0.0.0)166 b(0.255.255.255)314 213 y(all)309 b(129.105.5.0)118
  855. Xb(0.0.0.255)314 270 y(ypserv)237 b(129.105.2.0)118 b(0.0.0.255)600
  856. X417 y Fk(Figure)15 b(2:)20 b(Example)15 b(Con\014guration)g(File)75
  857. X551 y Fh(recvmsg)p Fk(\),)h(the)i(so)q(c)o(k)o(et)e(address)i(v)m(alues)g
  858. X(are)f(tak)o(en)g(from)g(the)g(argumen)o(ts)g(supplied)i(b)o(y)f(the)f
  859. X(caller.)75 607 y(Therefore,)e(a)g(w)o(ell-written)h(program)e(should)i(not)f
  860. X(encoun)o(ter)g(an)o(y)g(problems.)75 729 y Fe(3.2)56 b(Con\014guration)75
  861. X815 y Fk(The)16 b(\014rst)g(implemen)o(tation)h(of)p 644 815
  862. X14 2 v 32 w Fd(ok)p 705 815 V 17 w(addr)n(ess)i Fk(used)d(a)g(static)f(table)
  863. Xi(to)e(determine)i(if)f(an)g(address)g(w)o(as)75 871 y(acceptable.)36
  864. Xb(When)21 b(the)f(\014rst)g(v)o(ersion)h(of)f(this)g(pac)o(k)m(age)h(w)o(as)e
  865. X(released,)j(one)f(of)e(its)i(users)f(kindly)75 928 y(sen)o(t)h(the)g(author)
  866. Xg(a)g(b)q(etter)g(v)o(ersion)h(of)p 819 928 V 37 w Fd(ok)p
  867. X880 928 V 17 w(addr)n(ess)j Fk(whic)o(h)d(reads)f(its)g(information)h(from)e
  868. X(a)h(\014le.)75 984 y(Av)m(ailabilit)o(y)e(of)d(source)h(means)f(that)p
  869. X757 984 V 32 w Fd(ok)p 818 984 V 17 w(addr)n(ess)k Fk(can)d(b)q(e)g(c)o
  870. X(hanged)f(to)g(suit)h(an)o(y)f(particular)h(needs)75 1040 y(that)d(a)h(giv)o
  871. X(en)h(site)g(ma)o(y)e(ha)o(v)o(e.)146 1097 y(The)k(lo)q(cation)h(of)e(the)h
  872. X(con\014guration)g(\014le)h(is)g(determined)g(at)e(compile)j(time.)28
  873. Xb(By)18 b(default,)h(it)f(is)75 1153 y(named)13 b Fh(/etc/securelib.conf)p
  874. XFk(.)k(Some)c(ma)o(y)f(wish)i(to)e(pro)o(vide)i(an)f(additional)i(lev)o(el)f
  875. X(of)f(securit)o(y)g(b)o(y)75 1210 y(placing)i(the)f(con\014guration)g(\014le)
  876. Xh(in)g(a)e(directory)h(readable)h(only)g(b)o(y)e Fh(root)p
  877. XFk(,)g(suc)o(h)i(as)e Fh(/etc/security)p Fk(.)75 1266 y(The)j(adv)m(an)o
  878. X(tage)f(is)h(that)f(a)h(regular)f(user)h(cannot)g(determine)g(whic)o(h)h
  879. X(hosts)e(are)g(allo)o(w)o(ed)h(to)f(connect)75 1323 y(to)j(whic)o(h)i(lo)q
  880. X(cal)g(serv)o(ers.)30 b(The)19 b(disadv)m(an)o(tage)g(is)g(that)f(only)h(pro)
  881. Xq(cesses)g(run)g(as)g Fh(root)f Fk(can)h(use)g(the)75 1379
  882. Xy(secured)d(library)l(.)23 b(In)16 b(most)f(en)o(vironmen)o(ts,)g(this)h(is)g
  883. X(not)f(an)h(issue)g(since)h(all)g(net)o(w)o(ork)d(serv)o(ers)h(run)h(as)75
  884. X1436 y(ro)q(ot)e(an)o(yw)o(a)o(y)l(.)146 1492 y(The)22 b(syn)o(tax)g(of)f
  885. X(the)i(con\014guration)f(\014le)i(is)e(t)o(ypical)h(for)f Fi(unix)p
  886. XFk(.)41 b(A)22 b(hash)g(mark)g(\()p Fh(#)p Fk(\))f(starts)g(a)75
  887. X1549 y(commen)o(t)16 b(whic)o(h)i(ends)f(at)f(the)h(end)h(of)e(the)h(line.)26
  888. Xb(Eac)o(h)16 b(line)j(has)d(three)h(\014elds)h(separated)f(b)o(y)f(white)75
  889. X1605 y(space:)131 1699 y(1.)22 b(the)15 b(service)h(name)131
  890. X1793 y(2.)22 b(the)15 b(p)q(ermissible)j(address)131 1886 y(3.)k(the)15
  891. Xb(comparison)g(mask)75 1980 y(An)j(example)g(con\014guration)f(\014le)h(is)g
  892. X(giv)o(en)g(in)g(\014gure)f(2.)26 b(The)17 b(function)p 1376
  893. X1980 V 35 w Fd(ok)p 1437 1980 V 17 w(addr)n(ess)j Fk(main)o(tains)e(an)75
  894. X2037 y(in)o(ternal)c(cop)o(y)e(of)g(eac)o(h)h(applicable)i(line)g(from)d(the)
  895. Xh(\014le.)20 b(It)12 b(only)i(considers)f(a)g(line)h(\\applicable")h(if)e
  896. X(the)75 2093 y(service)k(name)e(is)h(\\)p Fh(all)p Fk(")f(or)g(if)h(it)g
  897. X(matc)o(hes)f(the)h(name)g(of)f(this)h(pro)q(cess's)g(service)g(\(the)g
  898. X(metho)q(d)f(used)75 2150 y(to)k(determine)h(that)f(name)g(is)h(discussed)g
  899. X(in)h(section)e(3.3\).)31 b(T)l(o)19 b(v)o(erify)h(a)f(connection,)p
  900. X1656 2150 V 38 w Fd(ok)p 1717 2150 V 16 w(addr)n(ess)75 2206
  901. Xy Fk(c)o(hec)o(ks)c(ev)o(ery)g(applicable)j(line)f(as)e(follo)o(ws:)143
  902. X2300 y Fc(\017)23 b Fk(the)16 b(so)q(c)o(k)o(et's)f(In)o(ternet)i(address)f
  903. X(is)h(mask)o(ed)f(via)h(a)f(\\bit)o(wise)h(and")f(of)g(the)g(one's)g
  904. X(complemen)o(t)189 2356 y(of)d(the)h(sp)q(eci\014ed)h(mask)e(\(in)i(retrosp)q
  905. X(ect,)e(the)h(con\014guration)f(\014le)i(should)g(ha)o(v)o(e)e(sp)q
  906. X(eci\014ed)j(a)d(true)189 2413 y(subnet)i(mask\))143 2507 y
  907. XFc(\017)23 b Fk(the)15 b(result)h(is)f(compared)g(against)g(the)h(address)f
  908. X(sp)q(eci\014ed)i(in)f(the)f(con\014guration)h(\014le)143 2600
  909. Xy Fc(\017)23 b Fk(success)15 b(is)h(indicated)h(if)f(and)f(only)h(if)g(the)f
  910. X(result)h(is)f(true)p eop
  911. X%%Page: 6 6
  912. Xbop 605 55 a Fh(LD_LIBRARY_PATH=/usr/lib/se)o(cure)605 112
  913. Xy(export)23 b(LD_LIBRARY_PATH)605 168 y(exec)g($@)501 312 y
  914. XFk(Figure)15 b(3:)20 b(Shell)d(script)f(to)e(start)g(secured)i(programs)295
  915. X455 y Fh(SECURE="")295 512 y(if)23 b([)h(-x)g(/usr/lib/secure/start)d(];)i
  916. X(then)366 568 y(echo)h('Using)f(network)g(secure)g(library)g(where)g
  917. X(appropriate.')366 625 y(SECURE="/usr/lib/secure/start")295
  918. X681 y(fi)576 825 y Fk(Figure)15 b(4:)20 b(P)o(ossible)c(addition)g(to)f
  919. XFh(rc.local)75 949 y Fe(3.3)56 b(Use)75 1035 y Fk(After)12
  920. Xb(prop)q(er)i(con\014guration,)f(the)g Fh(Makefile)e Fk(distributed)k(with)e
  921. X(the)g(pac)o(k)m(age)f(\(in)i(conjunction)g(with)75 1091 y(a)k(few)h(shell)i
  922. X(scripts\))d(will)j(p)q(erform)e(all)g(steps)g(required)h(to)e(build)j(a)d
  923. X(new)h(shared)g(C)g(library)l(.)32 b(The)75 1148 y(library)17
  924. Xb(should)h(then)f(b)q(e)h(installed)g(in)g(a)e(lo)q(cation)i(separate)e(from)
  925. Xg Fh(/usr/lib)p Fk(.)23 b(This)17 b(library)h(is)f Fd(not)75
  926. X1204 y Fk(designed)k(to)f(replace)g(the)g(standard)g(lib)q(c.)36
  927. Xb(Rather,)20 b(it)g(is)h(in)o(tended)g(to)e(b)q(e)i(used)f(only)h(in)g
  928. X(certain)75 1261 y(cases.)f(The)c(author)f(c)o(hose)g(to)g(create)g(a)g(sp)q
  929. X(ecial)i(directory)f(for)f(the)g(task:)20 b Fh(/usr/lib/secure)p
  930. XFk(.)e(An)o(y)75 1317 y(pro)q(cess)f(started)g(with)g(the)g(en)o(vironmen)o
  931. X(t)h(v)m(ariable)g Fh(LD_LIBRARY_PATH)d Fk(set)i(to)f(this)i(directory)f
  932. X(will)75 1374 y(b)q(e)h(dynamically)i(link)o(ed)f(against)e(the)h(secure)g(C)
  933. Xf(library)h(instead)h(of)e(the)g(standard)g(one.)27 b(Figure)18
  934. Xb(3)75 1430 y(giv)o(es)d(an)g(Bourne)h(shell)h(script)f(whic)o(h)g(can)f(b)q
  935. X(e)h(used)g(to)e(start)g(\\secured")i(daemons.)146 1486 y(Normally)l(,)k(the)
  936. Xg(name)f(of)g(a)g(net)o(w)o(ork)f(service)j(is)f(determined)g
  937. XFd(a)h(priori)f Fk(or)f(b)o(y)g(lo)q(oking)h(at)f(the)75 1543
  938. Xy(pro)q(cess's)i(zeroth)g(argumen)o(t)g(\()p Fh(argv[0])p Fk(\).)36
  939. Xb(The)22 b(secure)f(library)h(cannot)g(use)f(either)h(metho)q(d)g(for)75
  940. X1599 y(determining)f(the)f(service)h(name.)34 b(It)20 b(m)o(ust)f(resort)g
  941. X(to)g(either)i(heuristics)g(or)e(sneaky)h(tric)o(ks.)34 b(The)75
  942. X1656 y(author)20 b(of)f(the)i(con\014guration)f(\014le)h(co)q(de)g(opted)f
  943. X(for)g(the)g(latter.)35 b(An)o(y)20 b(pro)q(cess)g(using)h(the)f(secure)75
  944. X1712 y(library)c(is)f(already)g(b)q(eing)h(started)e(with)h(an)g(altered)g
  945. X(en)o(vironmen)o(t,)g(so)g(requiring)h(one)f(more)f(c)o(hange)75
  946. X1769 y(to)g(the)h(en)o(vironmen)o(t)g(w)o(as)f(deemed)h(acceptable.)21
  947. Xb(The)15 b(function)p 1232 1769 14 2 v 32 w Fd(ok)p 1293 1769
  948. XV 17 w(addr)n(ess)j Fk(uses)d(the)g(v)m(alue)h(of)e(the)75
  949. X1825 y(en)o(vironmen)o(t)f(v)m(ariable)i Fh(SL_NAME)d Fk(to)g(determine)i
  950. X(the)f(name)h(of)e(the)h(service.)20 b(Only)15 b(those)d(lines)j(in)f(the)75
  951. X1882 y(con\014guration)h(\014le)i(whic)o(h)f(start)e(with)h(the)g(same)g
  952. X(name)h(or)e(the)i(name)f Fh(all)f Fk(will)j(ha)o(v)o(e)e(signi\014cance.)146
  953. X1938 y(The)j(shell)h(\014le)g(presen)o(ted)f(in)h(\014gure)f(3)g(is)g(easily)
  954. Xh(mo)q(di\014ed)g(to)e(accommo)q(date)h(this)g(metho)q(d)g(b)o(y)75
  955. X1995 y(adding)e(one)f(line)i(to)e(the)g(b)q(eginning:)724 2076
  956. Xy Fh(SL_NAME=`basename)22 b($1`)75 2158 y Fk(The)15 b(only)h(other)e(c)o
  957. X(hange)h(required)h(is)g(the)f(ob)o(vious)g(one)g(to)f(the)h
  958. XFh(export)f Fk(command.)20 b(This)c(mo)q(di\014ed)75 2214 y(script)h(is)h
  959. X(pro)o(vided)g(in)f(the)g(secure)h(library)g(pac)o(k)m(age)f(and)g(is)g
  960. X(called)i Fh(start)p Fk(.)24 b(The)18 b(installation)g(step)75
  961. X2271 y(places)e(a)f(cop)o(y)g(in)h(the)f(same)g(directory)h(as)e(the)i
  962. X(secure)g(library)f(itself.)146 2327 y(Actual)d(in)o(v)o(o)q(cation)g(of)f
  963. X(the)g Fh(start)g Fk(script)h(will)h(almost)e(certainly)i(b)q(e)f(limited)h
  964. X(to)e Fh(/etc/rc.local)p Fk(.)75 2384 y(Those)g(who)g(wish)h(to)f(k)o(eep)h
  965. XFh(rc.local)e Fk(as)h(adaptable)h(as)f(p)q(ossible)i(should)f(mak)o(e)f(mo)q
  966. X(di\014cations)i(as)e(fol-)75 2440 y(lo)o(ws.)18 b(Near)12
  967. Xb(the)f(b)q(eginning)j(of)d Fh(rc.local)f Fk(a)h(c)o(hec)o(k)h(is)g(made)f
  968. X(for)g(the)g(existence)i(of)e Fh(/usr/lib/secure)75 2497 y
  969. XFk(and)h(an)g(en)o(vironmen)o(t)g(v)m(ariable)h(is)g(set)f(accordingly)l(.)20
  970. Xb(The)12 b(script)g(fragmen)o(t)f(in)i(\014gure)f(4)f(accomplishes)75
  971. X2553 y(this.)146 2610 y(The)16 b(lines)h(in)f Fh(rc.local)f
  972. XFk(whic)o(h)i(in)o(v)o(ok)o(e)e(the)h(daemons)g(in)g(need)h(of)e(protection)h
  973. X(are)f(mo)q(di\014ed)i(so)75 2666 y(that)d(they)h(start)e(with)i
  974. XFh($SECURE)p Fk(.)e(If)i(the)g(library)g(exists)g(on)g(this)g(mac)o(hine,)g
  975. X(the)g Fh(start)e Fk(script)j(mak)o(es)p eop
  976. X%%Page: 7 7
  977. Xbop 75 8 a Fk(sure)18 b(that)f(eac)o(h)h(daemon)f(is)h(started)f(with)h(the)g
  978. X(appropriate)g(en)o(vironmen)o(t.)27 b(Otherwise,)19 b Fh($SECURE)75
  979. X64 y Fk(expands)d(to)e(nothing)i(and)f(the)h(daemon)f(is)h(started)e
  980. X(normally)l(.)75 186 y Fe(3.4)56 b(Limitations)75 272 y Fk(This)13
  981. Xb(tec)o(hnique)g(is)g(not)f(in)o(tended)h(to)f(solv)o(e)g(all)h(net)o(w)o
  982. X(ork)f(securit)o(y)g(problems.)20 b(It)12 b(insures)h(that)e(serv)o(ers)75
  983. X328 y(ha)o(v)o(e)21 b(some)h(con)o(trol)g(o)o(v)o(er)f(the)h(net)o(w)o(ork)e
  984. X(lo)q(cation)j(of)e(clien)o(ts)j(who)d(are)h(requesting)g(information.)75
  985. X384 y(Net)o(w)o(ork)14 b(administrators)g(m)o(ust)h(use)g(ev)o(ery)g(to)q(ol)
  986. Xg(at)f(their)i(disp)q(osal)g(to)e(secure)i(their)f(systems.)k(This)75
  987. X441 y(is)d(just)f(another)f(to)q(ol)i(for)e(the)h(to)q(olb)q(o)o(x.)146
  988. X497 y(The)i(most)g(serious)h(shortcoming)g(is)g(its)g(reliance)h(on)f(p)q
  989. X(eer)g(information.)28 b(The)18 b(wrapp)q(ers)f(ha)o(v)o(e)75
  990. X554 y(no)j(c)o(hoice)h(but)f(to)f(trust)g(the)h(information)h(ab)q(out)e(the)
  991. Xh(remote)g(host)f(whic)o(h)i(the)f(k)o(ernel)h(giv)o(es)f(it.)75
  992. X610 y(But)i(this)g(information)h(is)f(based)g(solely)h(on)f(the)g(data)f(in)i
  993. X(the)f(IP)g(pac)o(k)o(et)g(header|information)75 667 y(that)c(can)g(b)q(e)h
  994. X(forged.)29 b(The)19 b(more)f(common)g(In)o(ternet)h(problem)g(of)f
  995. X(falsifying)h(IP)g(address)g(to)e(host)75 723 y(name)e(translations)h(will)h
  996. X(not)e(a\013ect)g(the)g(secure)h(library)l(,)g(since)h(its)f(c)o(hec)o(king)g
  997. X(is)g(based)g(solely)g(on)g(IP)75 780 y(addresses.)146 836
  998. Xy(Another)e(limitation)i(is)g(time.)k(It)14 b(tak)o(es)g(time)h(to)f(c)o(hec)
  999. Xo(k)h(ev)o(en)g(one)g(pac)o(k)o(et.)k(F)l(or)c(most)e(proto)q(cols,)75
  1000. X893 y(this)21 b(extra)f(o)o(v)o(erhead)g(has)h(little)h(impact.)36
  1001. Xb(But)21 b(for)f(hea)o(vily)i(used)f(stateless)f(and)h(connectionless)75
  1002. X949 y(proto)q(cols,)16 b(suc)o(h)h(as)f Fi(nfs)p Fk(,)h(the)f(impact)h(is)g
  1003. X(v)o(ery)f(noticeable.)26 b(This)17 b(tec)o(hnique)h(is)f(not)f(w)o(ell)h
  1004. X(suited)h(to)75 1006 y(suc)o(h)e(applications.)23 b(This)17
  1005. Xb(is)f(a)f(v)o(ery)h(disapp)q(oin)o(ting)h(realization.)23
  1006. Xb(It)16 b(implies)i(that)d(an)g Fi(nfs)h Fk(daemon)75 1062
  1007. Xy(whic)o(h)e(do)q(es)g(explicit)h(c)o(hec)o(king)f(for)f(ev)o(ery)g(request)h
  1008. X(w)o(ould)f(b)q(e)h(to)q(o)f(slo)o(w)g(for)g(an)o(y)g(practical)h(purp)q
  1009. X(oses.)75 1205 y Fl(4)69 b(In)23 b(the)g(Absence)f(of)h(Shared)h(Libraries)75
  1010. X1307 y Fk(This)16 b(tec)o(hnique)h(w)o(as)e(dev)o(elop)q(ed)i(under)g(SunOS)g
  1011. X(sp)q(eci\014cally)h(for)d(a)h(net)o(w)o(ork)e(of)i(SunOS)h(mac)o(hines.)75
  1012. X1363 y(It)e(can)g(easily)g(b)q(e)h(adapted)e(to)g(an)o(y)h(op)q(erating)g
  1013. X(system)f(whic)o(h)h(supp)q(orts)g(and)g(uses)g(shared)g(libraries,)75
  1014. X1420 y(pro)o(vided)j(that)f(there)g(is)h(a)f(mec)o(hanism)h(for)f(rebuilding)
  1015. Xj(a)d(shared)g(C)g(run-time)h(library)l(.)27 b(Although)75
  1016. X1476 y(implemen)o(tation)12 b(w)o(ould)g(certainly)g(b)q(e)g(di\016cult,)h
  1017. X(the)e(idea)h(ma)o(y)e(b)q(e)i(applicable)i(to)c(op)q(erating)h(systems)75
  1018. X1532 y(whic)o(h)16 b(do)f(not)g(supp)q(ort)g(shared)h(libraries.)146
  1019. X1589 y(An)g(unstripp)q(ed)h(executable)g(still)h(con)o(tains)d(the)h(sym)o(b)
  1020. Xq(ol)h(table,)f(whic)o(h)g(includes)i(enough)f(infor-)75 1645
  1021. Xy(mation)c(to)f(\014nd)h(the)g(en)o(try)g(p)q(oin)o(t)g(for)f(an)o(y)h
  1022. X(external)g(function)h(in)f(the)g(program.)18 b(This)13 b(w)o(ould)h(include)
  1023. X75 1702 y(the)19 b(fron)o(t)e(ends)i(for)f(k)o(ernel)h(calls.)31
  1024. Xb(One)20 b(can)e(conceiv)o(e)i(of)e(a)g(program)g(that)f(w)o(ould)i(alter)g
  1025. X(the)f(\014rst)75 1758 y(instruction)13 b(in)f(a)f(function)i(with)f(a)f
  1026. X(jump)h(to)f(a)g(new)h(function)g(added)h(to)d(the)i(executable.)20
  1027. Xb(Adding)13 b(ad-)75 1815 y(ditional)j(co)q(de)f(is)f(the)h(di\016cult)g
  1028. X(part:)k(ev)o(en)c(an)f(unstripp)q(ed)i(executable)g(t)o(ypically)f(do)q(es)g
  1029. X(not)f(con)o(tain)75 1871 y(the)i(relo)q(cation)h(information,)f(making)g(it)
  1030. Xg(imp)q(ossible)i(to)e(mo)o(v)o(e)f(an)o(y)h(existing)h(sym)o(b)q(ols.)22
  1031. Xb(Ironically)l(,)75 1928 y(application)15 b(of)f(virus)g(writing)g(tec)o
  1032. X(hnology)g(w)o(ould)g(mak)o(e)g(it)g(p)q(ossible)h(to)e(add)h(the)g
  1033. X(necessary)g(co)q(de)h(to)75 1984 y(the)g(executable.)146 2041
  1034. Xy(Executables)21 b(whic)o(h)g(ha)o(v)o(e)e(had)i(the)f(sym)o(b)q(ol)h(table)f
  1035. X(stripp)q(ed)i(p)q(ose)e(an)g(additional)i(c)o(hallenge.)75
  1036. X2097 y(The)16 b(only)g(w)o(a)o(y)e(to)h(patc)o(h)g(it)h(w)o(ould)g(b)q(e)g
  1037. X(to)f(do)g(some)g(sort)g(of)g(disassem)o(bly)l(.)22 b(Prior)15
  1038. Xb(kno)o(wledge)h(of)f(the)75 2153 y(program's)d(structure)h(w)o(ould)h(aid)h
  1039. X(the)e(disassem)o(bly)i(pro)q(cess,)f(and)g(suc)o(h)g(kno)o(wledge)g(can)g(b)
  1040. Xq(e)g(gleaned)75 2210 y(from)d(the)h(freely)h(a)o(v)m(ailable)h
  1041. XFi(bsd)e Fk(net)o(w)o(ork)f(program)g(sources.)19 b(The)12
  1042. Xb(v)o(endor's)f(executable)i(ma)o(y)f(not)f(b)q(e)75 2266 y(iden)o(tical)16
  1043. Xb(to)d(the)i Fi(bsd)f Fk(programs,)f(but)h(similarities)j(should)e(still)g
  1044. X(exist.)20 b(Eac)o(h)14 b(net)o(w)o(ork)f(daemon)h(has)75 2323
  1045. Xy(essen)o(tially)h(the)f(same)f(structure:)19 b(initialization)e(follo)o(w)o
  1046. X(ed)c(b)o(y)h(the)g(main)g(lo)q(op.)20 b(Near)13 b(the)h(b)q(eginning)75
  1047. X2379 y(of)g(the)g(main)h(lo)q(op)g(one)f(w)o(ould)h(\014nd)g(a)e(call)j(to)d
  1048. X(one)i(of)f(the)g(three)g(net)o(w)o(orking)g(system)g(calls:)20
  1049. Xb Fh(accept)p Fk(,)75 2436 y Fh(recvfrom)15 b Fk(or)g Fh(recvmsg)p
  1050. XFk(.)20 b(Once)d(this)f(call)h(is)f(found,)g(the)f(lo)q(cation)i(of)e(the)h
  1051. X(appropriate)f(k)o(ernel)i(fron)o(t)75 2492 y(end)h(function)f(w)o(ould)h(b)q
  1052. X(e)g(kno)o(wn)e(and)h(the)h(tec)o(hnique)g(used)f(in)h(the)f(previous)h
  1053. X(paragraph)e(could)i(b)q(e)75 2549 y(applied.)k(It)15 b(w)o(ould)h(b)q(e)f
  1054. X(di\016cult|p)q(erhaps)j(imp)q(ossible|to)g(automate)c(this)h(analysis.)p
  1055. Xeop
  1056. X%%Page: 8 8
  1057. Xbop 75 8 a Fl(5)69 b(Av)l(ailabilit)n(y)75 109 y Fk(The)16
  1058. Xb(secured)i(C)e(library)h(pac)o(k)m(age)f(is)h(freely)f(redistributable.)25
  1059. Xb(It)17 b(is)f(a)o(v)m(ailable)i(via)f(anon)o(ymous)e Fi(ftp)75
  1060. X166 y Fk(from)10 b Fh(eecs.nwu.edu)e Fk(in)k(the)e(directory)h
  1061. XFh(/pub/securelib)p Fk(.)16 b(A)o(t)10 b(the)h(time)f(this)h(pap)q(er)g(w)o
  1062. X(as)f(published,)75 222 y(the)15 b(In)o(ternet)h(address)f(for)f
  1063. XFh(eecs.nwu.edu)g Fk(w)o(as)g(129)p Fa(:)p Fk(105)p Fa(:)p
  1064. XFk(5)p Fa(:)p Fk(103.)75 365 y Fl(6)69 b(Conclusions)75 467
  1065. Xy Fk(Securit)o(y)18 b(is)f(a)g(v)o(ery)g(di\016cult)h(problem.)26
  1066. Xb(This)18 b(pac)o(k)m(age)f(tak)o(es)f(one)h(step)g(in)h(the)f(righ)o(t)g
  1067. X(direction)h(b)o(y)75 523 y(pro)o(viding)d(an)f(extra)f(lev)o(el)j(of)d(c)o
  1068. X(hec)o(king.)21 b(It)14 b(prev)o(en)o(ts)f(access)i(to)e(critical)i(system)f
  1069. X(services)h(b)o(y)f(clien)o(ts)75 580 y(outside)20 b(a)f(sp)q(eci\014ed)j
  1070. X(realm.)33 b(It)20 b(pro)o(vides)g(added)g(functionalit)o(y)h(whic)o(h)f
  1071. X(should)h(ha)o(v)o(e)e(b)q(een)i(there)75 636 y(all)c(along,)g(but)f(it)h(do)
  1072. Xq(es)g(so)f(in)h(a)f(w)o(a)o(y)f(that)h(do)q(es)h(not)f(require)h(source)f
  1073. X(from)g(the)g(original)i(op)q(erating)75 692 y(system.)30 b(The)18
  1074. Xb(secure)h(library)h(can)e(b)q(e)i(installed)g(and)f(used)g(on)g(an)o(y)f
  1075. X(sto)q(c)o(k)g(Sun)h(system)f(pro)o(vided)75 749 y(these)h(simple)h
  1076. X(requiremen)o(ts)e(are)h(met:)26 b(SunOS)19 b(v)o(ersion)g(4.1,)f(4.1.1,)f
  1077. X(or)h(4.1.2)f(and)i(installation)g(of)75 805 y(the)14 b(option)h
  1078. XFh(shlib_custom)d Fk(\(a)o(v)m(ailable)k(on)e(all)h(distribution)h(tap)q(es,)
  1079. Xe(but)h(not)e(preinstalled)k(b)o(y)d(Sun\).)75 949 y Fl(7)69
  1080. Xb(Ac)n(kno)n(wledgemen)n(ts)75 1050 y Fk(The)12 b(author)f(w)o(ould)i(lik)o
  1081. X(e)g(to)e(thank)h(all)h(the)f(bra)o(v)o(e)f(p)q(eople)i(who)f(tried)g(the)g
  1082. X(\014rst)g(v)o(ersion)g(of)f(his)i(pac)o(k)m(age)75 1107 y(and)k(to)f(North)o
  1083. X(w)o(estern)g(Univ)o(ersit)o(y)i(for)e(giving)i(him)f(a)g(sandb)q(o)o(x)g(to)
  1084. Xf(pla)o(y)h(in.)26 b(He)17 b(w)o(ould)g(esp)q(ecially)75 1163
  1085. Xy(lik)o(e)j(to)d(thank)i(Sam)f(Horro)q(c)o(ks)f(of)h(UCI)h(for)f(pro)o
  1086. X(viding)h(the)g(co)q(de)g(whic)o(h)g(reads)f(the)h(con\014guration)75
  1087. X1219 y(\014le.)75 1363 y Fl(References)75 1464 y Fk([1])j(William)d(R.)f
  1088. X(Cheswic)o(k.)29 b(The)18 b(design)h(of)f(a)f(secure)i(in)o(ternet)f(gatew)o
  1089. X(a)o(y)l(.)27 b(In)18 b Fd(Pr)n(o)n(c)n(e)n(e)n(dings)f(of)i(the)146
  1090. X1521 y(Summer)d(1990)i(USENIX)c(Confer)n(enc)n(e)p Fk(.)f(USENIX)j(Asso)q
  1091. X(ciation,)f(1990.)75 1614 y([2])22 b(William)e(R.)f(Cheswic)o(k.)32
  1092. Xb(An)19 b(ev)o(ening)g(with)h(b)q(erferd)f(in)h(whic)o(h)g(a)e(crac)o(k)o(er)
  1093. Xg(is)i(lured,)g(endured,)146 1671 y(and)e(studied.)29 b(In)19
  1094. Xb Fd(Pr)n(o)n(c)n(e)n(e)n(dings)d(of)j(the)g(Winter)g(1992)h(USENIX)d(Confer)
  1095. Xn(enc)n(e)p Fk(,)f(pages)i(163{174.)146 1727 y(USENIX)e(Asso)q(ciation,)f
  1096. X(1992.)75 1821 y([3])22 b(Computer)11 b(Emergency)h(Resp)q(onse)h(T)l(eam.)h
  1097. X(SunOS)f(NIS)f(vulnerabilit)o(y)l(.)17 b(CER)l(T)12 b(Advisory)g(92:13,)146
  1098. X1878 y(June)k(4)f(1992.)75 1971 y([4])22 b(Daniel)g(V.)g(Klein.)41
  1099. Xb(F)l(oiling)23 b(the)e(crac)o(k)o(er:)32 b(A)22 b(surv)o(ey)f(of,)i(and)e
  1100. X(impro)o(v)o(emen)o(ts)h(to,)g(passw)o(ord)146 2028 y(securit)o(y)l(.)e(In)c
  1101. XFd(UNIX)f(Se)n(curity)h(Workshop)h(II)p Fk(,)d(pages)h(5{14.)f(USENIX)i(Asso)
  1102. Xq(ciation,)f(1990.)75 2122 y([5])22 b(Eugene)17 b(H.)f(Spa\013ord.)23
  1103. Xb(The)17 b(in)o(ternet)g(w)o(orm)e(inciden)o(t.)26 b(T)l(ec)o(hnical)18
  1104. Xb(Rep)q(ort)f(CSD-TR-933,)f(De-)146 2178 y(partmen)o(t)e(of)h(Computer)g
  1105. X(Science,)h(Purdue)g(Univ)o(ersit)o(y)l(,)g(Septem)o(b)q(er)g(1991.)75
  1106. X2272 y([6])22 b(Sun)16 b(Microsystems.)j Fd(Network)e(and)f(Communic)n
  1107. X(ations)f(A)n(dministr)n(ation)p Fk(,)f(Marc)o(h)g(27)h(1990.)75
  1108. X2366 y([7])22 b Fd(Unix)15 b(Pr)n(o)n(gr)n(ammers)h(R)n(efer)n(enc)n(e)f
  1109. X(Manual)p Fk(.)k(Section)d(2.)75 2460 y([8])22 b(Wietse)17
  1110. Xb(V)l(enema.)26 b(TCP)16 b(wrapp)q(er,)h(a)g(to)q(ol)g(for)f(net)o(w)o(ork)g
  1111. X(monitoring,)i(access)f(con)o(trol,)f(and)i(for)146 2516 y(setting)d(up)h(b)q
  1112. X(o)q(ob)o(y)f(traps.)k(In)d Fd(Thir)n(d)g(UNIX)f(Se)n(curity)h(Symp)n(osium)p
  1113. XFk(,)f(1992.)k(T)l(o)c(b)q(e)g(published.)p eop
  1114. X%%Page: 9 9
  1115. Xbop 75 8 a Fl(A)69 b(Kernel)21 b(Call)g(W)-6 b(rapp)r(ers)75
  1116. X109 y Fk(This)16 b(is)f(the)h(C)f(function)h(used)g(in)g(place)g(of)f(the)g
  1117. X(k)o(ernel)h(call)g Fh(accept)p Fk(.)75 215 y Fh(#include)23
  1118. Xb(<sys/types.h>)75 272 y(#include)g(<sys/socket.h>)75 328 y(#include)g
  1119. X(<sys/syscall.h>)75 385 y(#include)g(<errno.h>)75 498 y(accept\(s,)g(addr,)g
  1120. X(addrlen\))75 611 y(int)g(s;)75 667 y(struct)g(sockaddr)g(*addr;)75
  1121. X723 y(int)g(*addrlen;)75 836 y({)170 893 y(register)g(int)h(retval;)170
  1122. X949 y(struct)f(sockaddr)g(sa;)170 1006 y(int)h(salen;)170 1119
  1123. Xy(salen)g(=)f(sizeof\(sa\);)170 1175 y(if)h(\(\(retval)f(=)h
  1124. X(syscall\(SYS_accept,)d(s,)i(&sa,)h(&salen\)\))e(>=)i(0\))170
  1125. X1232 y({)266 1288 y(if)f(\(_ok_address\(retval,)f(&sa,)h(salen\)\))266
  1126. X1344 y({)361 1401 y(_addrcpy\(addr,)f(addrlen,)h(&sa,)g(salen\);)361
  1127. X1457 y(return)g(\(retval\);)266 1514 y(})266 1570 y(close\(retval\);)266
  1128. X1627 y(errno)g(=)h(ECONNREFUSED;)266 1683 y(return)f(\(-1\);)170
  1129. X1740 y(})170 1796 y(return)g(\(retval\);)75 1853 y(})p eop
  1130. X%%Page: 10 10
  1131. Xbop 75 8 a Fk(This)16 b(is)f(the)h(C)f(function)h(used)g(in)g(place)g(of)f
  1132. X(the)g(k)o(ernel)h(call)g Fh(recvfrom)p Fk(.)75 114 y Fh(#include)23
  1133. Xb(<sys/types.h>)75 170 y(#include)g(<sys/socket.h>)75 227 y(#include)g
  1134. X(<sys/syscall.h>)75 283 y(#include)g(<errno.h>)75 396 y(recvfrom\(s,)f(buf,)i
  1135. X(len,)f(flags,)g(from,)g(fromlen\))75 509 y(int)g(s;)75 566
  1136. Xy(char)g(*buf;)75 622 y(int)g(len,)h(flags;)75 678 y(struct)f(sockaddr)g
  1137. X(*from;)75 735 y(int)g(*fromlen;)75 848 y({)170 904 y(register)g(int)h
  1138. X(retval;)170 1017 y(if)g(\(\(retval)f(=)h(syscall\(SYS_recvfrom,)d(s,)i(buf,)
  1139. Xg(len,)h(flags,)695 1074 y(from,)g(fromlen\)\))e(>=)i(0\))170
  1140. X1130 y({)266 1187 y(if)f(\(_ok_address\(s,)f(from,)h(*fromlen\)\))266
  1141. X1243 y({)361 1299 y(return)g(\(retval\);)266 1356 y(})266 1412
  1142. Xy(errno)g(=)h(ECONNREFUSED;)266 1469 y(return)f(\(-1\);)170
  1143. X1525 y(})170 1582 y(return)g(\(retval\);)75 1638 y(})p eop
  1144. X%%Page: 11 11
  1145. Xbop 75 8 a Fk(This)16 b(is)f(the)h(C)f(function)h(used)g(in)g(place)g(of)f
  1146. X(the)g(k)o(ernel)h(call)g Fh(recvmsg)p Fk(.)75 114 y Fh(#include)23
  1147. Xb(<sys/types.h>)75 170 y(#include)g(<sys/socket.h>)75 227 y(#include)g
  1148. X(<sys/syscall.h>)75 283 y(#include)g(<errno.h>)75 396 y(recvmsg\(s,)f(msg,)i
  1149. X(flags\))75 509 y(int)f(s;)75 566 y(struct)g(msghdr)g(*msg;)75
  1150. X622 y(int)g(flags;)75 735 y({)170 791 y(register)g(int)h(retval;)170
  1151. X904 y(if)g(\(\(retval)f(=)h(syscall\(SYS_recvmsg,)d(s,)i(msg,)h(flags\)\))e
  1152. X(>=)i(0\))170 961 y({)266 1017 y(if)f(\(_ok_address\(s,)f(\(struct)h
  1153. X(sockaddr)g(*\)\(msg->msg_name\),)648 1074 y(msg->msg_namelen\)\))266
  1154. X1130 y({)361 1187 y(return)g(\(retval\);)266 1243 y(})266 1299
  1155. Xy(errno)g(=)h(ECONNREFUSED;)266 1356 y(return)f(\(-1\);)170
  1156. X1412 y(})170 1469 y(return)g(\(retval\);)75 1525 y(})p eop
  1157. X%%Trailer
  1158. Xend
  1159. Xuserdict /end-hook known{end-hook}if
  1160. X%%EOF
  1161. END_OF_FILE
  1162.   if test 38580 -ne `wc -c <'securelib.ps.C'`; then
  1163.     echo shar: \"'securelib.ps.C'\" unpacked with wrong size!
  1164.  elif test -f 'securelib.ps.A' && test -f 'securelib.ps.B'; then
  1165.     echo shar: Combining  \"'securelib.ps'\" \(131349 characters\)
  1166.     cat 'securelib.ps.A' 'securelib.ps.B' 'securelib.ps.C' > 'securelib.ps'
  1167.     if test 131349 -ne `wc -c <'securelib.ps'`; then
  1168.       echo shar: \"'securelib.ps'\" combined with wrong size!
  1169.     else
  1170.       rm securelib.ps.A securelib.ps.B securelib.ps.C
  1171.     fi
  1172.   fi
  1173.   # end of 'securelib.ps.C'
  1174. fi
  1175. echo shar: End of archive 1 \(of 3\).
  1176. cp /dev/null ark1isdone
  1177. MISSING=""
  1178. for I in 1 2 3 ; do
  1179.     if test ! -f ark${I}isdone ; then
  1180.     MISSING="${MISSING} ${I}"
  1181.     fi
  1182. done
  1183. if test "${MISSING}" = "" ; then
  1184.     echo You have unpacked all 3 archives.
  1185.     rm -f ark[1-9]isdone
  1186. else
  1187.     echo You still must unpack the following archives:
  1188.     echo "        " ${MISSING}
  1189. fi
  1190. exit 0
  1191. exit 0 # Just in case...
  1192.