COMMAND

    selection_svc(1)

SYSTEMS AFFECTED

    SunOS 3.5, 4.0, 4.0.1, 4.0.3, 4.1 running the SunView windowing
    system. SunBug ID 1039576.

PROBLEM

    Under SunOS running the SunView windowing system, it is possible
    to remotely access files using the SunView selection_svc(1)
    subprocess and the RPC facility. The selection_svc program
    handles all selections made by SunView client programs. It is
    used to modify resource files and cut/paste selections. These
    clients communicate with selection_svc through RPC calls.
    The problem is that the selection service process will accept RPC
    requests from any user, both locally and remotely. No
    authentication is performed. What's worse, it is possible to scan
    for local systems having the RPC service available. The command
    'rpcinfo -b selection_svc 6' will print a list of systems
    running selection_svc on the local broadcast network. For
    Sun's 386i systems, the problem is more complicated. On
    these systems, selection_svc is started when /etc/init runs
    /etc/rc. Because init runs as root, you can tell selection_svc
    to read any file.

SOLUTION

    Disable suntools and use the X11 windowing system, or apply
    Sun patch 100085-03.
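
    To confirm on a host that selection_svc is no longer registered
    with the portmapper after disabling suntools, the following added
    example (not part of the original advisory) filters 'rpcinfo -p'
    output. The sample listings are constructed, and the program
    number 100015 is assumed from the stock /etc/rpc file.

```shell
#!/bin/sh
# Audit helper: reads `rpcinfo -p` output on stdin and reports every
# registration of the SunView selection service.
# SELN_PROG is the number listed for selection_svc in the stock /etc/rpc
# (assumption: adjust it if your /etc/rpc differs).
SELN_PROG=100015

# Prints one line per matching registration.
# Returns 0 if the service is registered, 1 if it is not.
find_selection_svc() {
    awk -v prog="$SELN_PROG" '
        # Skip the header and any line that is not a registration row.
        $1 !~ /^[0-9]+$/ || NF < 4 { next }
        # Match on program number, or on the name/alias column when present.
        $1 == prog || $5 == "selection_svc" || $5 == "selnsvc" {
            printf "selection_svc prog=%s vers=%s proto=%s port=%s\n", $1, $2, $3, $4
            found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample: a host that still exposes the service.
SAMPLE_EXPOSED='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100015    6   udp   1035  selection_svc
    100012    1   udp   1036  sprayd'

# Constructed sample: the same host after suntools has been disabled.
SAMPLE_CLEAN='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100012    1   udp   1036  sprayd'

for name in EXPOSED CLEAN; do
    eval "listing=\$SAMPLE_$name"
    if printf '%s\n' "$listing" | find_selection_svc; then
        echo "$name: selection_svc is registered and reachable over RPC"
    else
        echo "$name: selection_svc is not registered"
    fi
done
```

    On a live system, run 'rpcinfo -p | find_selection_svc' after
    sourcing the function, and check the exit status.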